[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-4032":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":78,"related":79,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":92,"kevs":208,"epss":209,"epss_history":212,"metrics":467,"affected":472},"CVE-2009-4032","Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45,61],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":55,"metasploit":9},"10234","Cacti 0.8.7e - Multiple Vulnerabilities","exploit-database","https://www.exploit-db.com/exploits/10234","poc",0.8,true,[54],"php",{"verified":52,"type":56,"platform":54,"file":57,"codes":58},"webapps","exploits/php/webapps/10234.txt",[59,60,7],"CVE-2010-2543","OSVDB-60566",{"_key":62,"name":63,"source":48,"url":64,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":65,"requires_auth":9,"exploitdb":66,"metasploit":9},"33374","Cacti 0.8.x - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities","https://www.exploit-db.com/exploits/33374",[54],{"verified":52,"type":56,"platform":54,"file":67,"codes":68},"exploits/php/webapps/33374.txt",[7,60],[],[],[72,74,76],{"_key":73},"RHSA-2010:0635",{"_key":75},"DSA-1954-1",{"_key":77},"DEBIAN-CVE-2009-4032",[],[],"2009-11-27T19:00:00.000Z","2024-08-07T06:45:50.905Z","Modified",{"cisa_kev":84,"cisa_ransomware":84,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":82},false,"low",0.06761,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:N",[93,99,105,110,116,122,127,133,137,142,147,152,157,161,165,169,173,178,183,187,191,196,200,204],{"url":94,"sources":95,"tags":97},"http://www.cacti.net/download_patches.php",[96,90],"cve.org",[98],"X Refsource CONFIRM",{"url":100,"sources":101,"tags":102},"http://www.securityfocus.com/archive/1/508129/100/0/threaded",[96,90],[103,104],"Mailing List","X Refsource BUGTRAQ",{"url":106,"sources":107,"tags":108},"http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html",[96,90],[103,109],"X Refsource FULLDISC",{"url":111,"sources":112,"tags":113},"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html",[96,90],[114,115],"Vendor Advisory","X Refsource FEDORA",{"url":117,"sources":118,"tags":119},"http://secunia.com/advisories/38087",[96,90],[120,121,114],"Third Party Advisory","X Refsource SECUNIA",{"url":123,"sources":124,"tags":125},"http://jvn.jp/en/jp/JVN09758120/index.html",[96,90],[120,126],"X Refsource JVN",{"url":128,"sources":129,"tags":130},"https://exchange.xforce.ibmcloud.com/vulnerabilities/54388",[96,90],[131,132],"VDB Entry","X Refsource XF",{"url":134,"sources":135,"tags":136},"http://secunia.com/advisories/41041",[96,90],[120,121,114],{"url":138,"sources":139,"tags":140},"http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html",[96,90],[120,141],"X Refsource JVNDB",{"url":143,"sources":144,"tags":145},"http://docs.cacti.net/#cross-site_scripting_fixes",[96,90],[98,146],"Patch",{"url":148,"sources":149,"tags":150},"https://rhn.redhat.com/errata/RHSA-2010-0635.html",[96,90],[114,151],"X Refsource REDHAT",{"url":153,"sources":154,"tags":155},"http://www.openwall.com/lists/oss-security/2009/11/25/2",[96,90],[103,156,146],"X Refsource MLIST",{"url":158,"sources":159,"tags":160},"http://www.openwall.com/lists/oss-security/2009/11/30/2",[96,90],[103,156],{"url":162,"sources":163,"tags":164},"http://secunia.com/advisories/37481",[96,90],[120,121,114],{"url":166,"sources":167,"tags":168},"http://www.openwall.com/lists/oss-security/2009/11/25/4",[96,90],[103,156,146],{"url":170,"sources":171,"tags":172},"http://www.openwall.com/lists/oss-security/2009/11/26/1",[96,90],[103,156],{"url":174,"sources":175,"tags":176},"http://www.securityfocus.com/bid/37109",[96,90],[131,177,146],"X Refsource BID",{"url":179,"sources":180,"tags":181},"http://www.vupen.com/english/advisories/2009/3325",[96,90],[131,182,146,114],"X Refsource VUPEN",{"url":184,"sources":185,"tags":186},"http://www.vupen.com/english/advisories/2010/2132",[96,90],[131,182],{"url":188,"sources":189,"tags":190},"http://secunia.com/advisories/37934",[96,90],[120,121,114],{"url":192,"sources":193,"tags":194},"http://www.osvdb.org/60483",[96,90],[131,195],"X Refsource OSVDB",{"url":197,"sources":198,"tags":199},"http://bugs.gentoo.org/show_bug.cgi?id=294573",[96,90],[98],{"url":201,"sources":202,"tags":203},"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html",[96,90],[114,115],{"url":205,"sources":206,"tags":207},"http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch",[96,90],[98,146],[],{"date":210,"score":86,"percentile":211},"2026-06-04",0.91458,[213,216,218,221,224,227,230,232,235,238,241,244,246,249,251,254,257,260,263,265,268,270,273,276,279,282,285,287,290,293,296,299,302,305,308,310,312,315,318,321,324,327,329,332,335,338,341,344,347,350,353,356,359,361,364,366,369,372,375,378,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423,425,427,430,433,436,439,442,445,448,451,454,457,460,462,464],{"date":214,"score":86,"percentile":215},"2025-11-04",0.90878,{"date":217,"score":86,"percentile":215},"2025-11-05",{"date":219,"score":86,"percentile":220},"2025-11-06",0.90879,{"date":222,"score":86,"percentile":223},"2025-11-07",0.90886,{"date":225,"score":86,"percentile":226},"2025-11-08",0.90887,{"date":228,"score":86,"percentile":229},"2025-11-09",0.90885,{"date":231,"score":86,"percentile":223},"2025-11-10",{"date":233,"score":86,"percentile":234},"2025-11-11",0.90884,{"date":236,"score":86,"percentile":237},"2025-11-12",0.90888,{"date":239,"score":86,"percentile":240},"2025-11-13",0.90889,{"date":242,"score":86,"percentile":243},"2025-11-14",0.90892,{"date":245,"score":86,"percentile":240},"2025-11-15",{"date":247,"score":86,"percentile":248},"2025-11-16",0.90895,{"date":250,"score":86,"percentile":243},"2025-11-17",{"date":252,"score":86,"percentile":253},"2025-11-18",0.90381,{"date":255,"score":86,"percentile":256},"2025-11-19",0.90386,{"date":258,"score":86,"percentile":259},"2025-11-20",0.9039,{"date":261,"score":86,"percentile":262},"2025-11-21",0.90899,{"date":264,"score":86,"percentile":262},"2025-11-22",{"date":266,"score":86,"percentile":267},"2025-11-23",0.90902,{"date":269,"score":86,"percentile":267},"2025-11-24",{"date":271,"score":86,"percentile":272},"2025-11-25",0.90905,{"date":274,"score":86,"percentile":275},"2025-11-26",0.90904,{"date":277,"score":86,"percentile":278},"2025-11-27",0.90903,{"date":280,"score":86,"percentile":281},"2025-11-28",0.90894,{"date":283,"score":86,"percentile":284},"2025-11-29",0.90928,{"date":286,"score":86,"percentile":284},"2025-11-30",{"date":288,"score":86,"percentile":289},"2025-12-01",0.90981,{"date":291,"score":86,"percentile":292},"2025-12-02",0.9098,{"date":294,"score":86,"percentile":295},"2025-12-03",0.90982,{"date":297,"score":86,"percentile":298},"2025-12-04",0.90927,{"date":300,"score":86,"percentile":301},"2025-12-05",0.9093,{"date":303,"score":86,"percentile":304},"2025-12-06",0.90931,{"date":306,"score":86,"percentile":307},"2025-12-07",0.90926,{"date":309,"score":86,"percentile":284},"2025-12-08",{"date":311,"score":86,"percentile":301},"2025-12-09",{"date":313,"score":86,"percentile":314},"2025-12-10",0.90937,{"date":316,"score":86,"percentile":317},"2025-12-11",0.90944,{"date":319,"score":86,"percentile":320},"2025-12-12",0.90948,{"date":322,"score":86,"percentile":323},"2025-12-13",0.90938,{"date":325,"score":86,"percentile":326},"2025-12-14",0.90936,{"date":328,"score":86,"percentile":314},"2025-12-15",{"date":330,"score":86,"percentile":331},"2025-12-16",0.90945,{"date":333,"score":86,"percentile":334},"2025-12-17",0.90954,{"date":336,"score":86,"percentile":337},"2025-12-18",0.9096,{"date":339,"score":86,"percentile":340},"2025-12-19",0.90961,{"date":342,"score":86,"percentile":343},"2025-12-20",0.90962,{"date":345,"score":86,"percentile":346},"2025-12-21",0.90971,{"date":348,"score":86,"percentile":349},"2025-12-22",0.90966,{"date":351,"score":86,"percentile":352},"2025-12-23",0.90977,{"date":354,"score":86,"percentile":355},"2025-12-24",0.90984,{"date":357,"score":86,"percentile":358},"2025-12-25",0.90985,{"date":360,"score":86,"percentile":295},"2025-12-26",{"date":362,"score":86,"percentile":363},"2025-12-27",0.91031,{"date":365,"score":86,"percentile":292},"2025-12-28",{"date":367,"score":86,"percentile":368},"2025-12-29",0.90975,{"date":370,"score":86,"percentile":371},"2025-12-30",0.90979,{"date":373,"score":86,"percentile":374},"2025-12-31",0.90989,{"date":376,"score":86,"percentile":377},"2026-01-01",0.91057,{"date":379,"score":86,"percentile":380},"2026-01-02",0.91052,{"date":382,"score":86,"percentile":383},"2026-01-03",0.91051,{"date":385,"score":86,"percentile":386},"2026-01-04",0.91002,{"date":388,"score":86,"percentile":389},"2026-01-05",0.91,{"date":391,"score":86,"percentile":392},"2026-01-06",0.91003,{"date":394,"score":86,"percentile":395},"2026-01-07",0.91006,{"date":397,"score":86,"percentile":398},"2026-01-08",0.91009,{"date":400,"score":86,"percentile":401},"2026-01-09",0.91014,{"date":403,"score":86,"percentile":404},"2026-01-10",0.91019,{"date":406,"score":86,"percentile":407},"2026-01-11",0.91012,{"date":409,"score":86,"percentile":410},"2026-01-12",0.91013,{"date":412,"score":86,"percentile":413},"2026-01-13",0.9101,{"date":415,"score":86,"percentile":416},"2026-01-14",0.91023,{"date":418,"score":86,"percentile":419},"2026-01-15",0.91025,{"date":421,"score":86,"percentile":422},"2026-01-16",0.91029,{"date":424,"score":86,"percentile":363},"2026-01-17",{"date":426,"score":86,"percentile":363},"2026-01-18",{"date":428,"score":86,"percentile":429},"2026-01-19",0.91032,{"date":431,"score":86,"percentile":432},"2026-01-20",0.91033,{"date":434,"score":86,"percentile":435},"2026-01-21",0.91036,{"date":437,"score":86,"percentile":438},"2026-01-22",0.91038,{"date":440,"score":86,"percentile":441},"2026-01-23",0.91047,{"date":443,"score":86,"percentile":444},"2026-01-24",0.91055,{"date":446,"score":86,"percentile":447},"2026-01-25",0.91056,{"date":449,"score":86,"percentile":450},"2026-01-26",0.91059,{"date":452,"score":86,"percentile":453},"2026-01-27",0.91061,{"date":455,"score":86,"percentile":456},"2026-01-28",0.91067,{"date":458,"score":86,"percentile":459},"2026-01-29",0.91068,{"date":461,"score":86,"percentile":456},"2026-01-30",{"date":463,"score":86,"percentile":456},"2026-01-31",{"date":465,"score":86,"percentile":466},"2026-02-01",0.91122,[468],{"source":90,"cvss_v2_0":469,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":88,"baseSeverity":9,"vectorString":91,"impactScore":470,"exploitabilityScore":471},2.9,8.6,[473],{"ecosystem":9,"name":474,"vendor":9,"product":474,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"Cacti",[476],{"version":477,"is_range":84,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"0.8.7e","cpe"]