CVE-2008-0783 in Cacti
Summary
by MITRE
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/12/2025
The vulnerability CVE-2008-0783 represents a critical cross-site scripting weakness affecting Cacti monitoring software versions prior to specific patch releases. This vulnerability resides within the web application layer of the network monitoring platform, where user input is not properly sanitized before being rendered back to web browsers. The flaw manifests across multiple entry points within the application's interface, making it particularly dangerous as attackers can exploit different pathways to achieve the same malicious objective. The affected versions include Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, indicating this was a widespread issue affecting the software's core functionality.
The technical implementation of this vulnerability stems from insufficient input validation and output encoding practices within the Cacti application's codebase. Attackers can manipulate four distinct parameters to inject malicious scripts into the web application's response. The view_type parameter in graph.php allows attackers to inject scripts during graph rendering operations, while the filter parameter in graph_view.php enables similar injection during view filtering. The action parameter within the draw_navigation_text function in lib/functions.php provides access through both index.php and data_input.php, creating multiple attack vectors that can bypass traditional security controls. Additionally, the login_username parameter in index.php targets the authentication interface, potentially allowing attackers to capture credentials or redirect users to malicious sites.
The operational impact of this vulnerability is severe and multifaceted, as it can enable attackers to execute arbitrary code in the context of affected users' browsers. This capability allows for session hijacking, credential theft, and potential privilege escalation within the monitoring environment. The vulnerability affects the authentication page, meaning that successful exploitation could compromise user accounts and provide attackers with access to the entire monitoring infrastructure. Given that Cacti is commonly used for network monitoring, an attacker who successfully exploits this vulnerability could gain visibility into network traffic patterns, system configurations, and potentially access sensitive infrastructure data. The cross-site scripting nature means that the attack can be delivered through various means including phishing emails, compromised websites, or even through legitimate network traffic if the monitoring system is exposed to untrusted input sources.
Organizations should immediately apply the vendor patches released for Cacti versions 0.8.7b and 0.8.6k to address this vulnerability. System administrators should also implement additional security measures including input validation at the application level, output encoding of user-supplied data, and network segmentation to limit exposure of the monitoring infrastructure. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws in web applications, and follows ATT&CK technique T1566 for initial access through phishing or malicious web content. Network monitoring systems should also implement web application firewalls and regular security assessments to identify similar vulnerabilities that may exist in other components of the monitoring stack. Organizations should conduct thorough vulnerability assessments to ensure that all instances of Cacti are updated and that no other similar injection vulnerabilities exist in their network monitoring infrastructure.