"Cacti is prone to multiple cross-site-scripting and HTML-injection
vulnerabilities because it fails to properly sanitize user-supplied
input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the
affected browser, potentially allowing the attacker to steal
cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.
Cacti 0.8.7e is vulnerable; other versions may be affected as well. "
A patch to Cacti 0.8.7e is available which fixes this issue. It is
recommended to update to 0.8.7e and apply the patch. Official patches
for 0.8.7e can be found here: