Cacti Multiple Cross Site Scripting and HTML Injection Vulnerabilities

http://www.securityfocus.com/bid/37109/info

"Cacti is prone to multiple cross-site-scripting and HTML-injection
vulnerabilities because it fails to properly sanitize user-supplied
input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the
affected browser, potentially allowing the attacker to steal
cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.

Cacti 0.8.7e is vulnerable; other versions may be affected as well. "

A patch to Cacti 0.8.7e is available which fixes this issue. It is
recommended to update to 0.8.7e and apply the patch. Official patches
for 0.8.7e can be found here:

http://www.cacti.net/download_patches.php