VIR Vulnerability Intelligence Relay

CVE-2014-5025

low
Published 2014-10-20 · Modified 2026-05-06
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-5025

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://bugs.cacti.net/view.php?id=2456

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0.8.8b+dfsg-7
debian debianbullseyefixed0.8.8b+dfsg-7
debian debianforkyfixed0.8.8b+dfsg-7
debian debiansidfixed0.8.8b+dfsg-7
debian debiantrixiefixed0.8.8b+dfsg-7
debian debian7.0affected
suse suse13.1affected
suse suse13.2affected

Application impact
VendorProductVersionsFixed
cacticacti0.8.8b

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.