Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
http://cacti.net/release_notes_0_8_7g.php
http://marc.info/?l=oss-security&m=127978954522586&w=2
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://secunia.com/advisories/41041
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025
http://svn.cacti.net/viewvc?view=rev&revision=6025
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
http://www.securityfocus.com/bid/42575
http://www.vupen.com/english/advisories/2010/2132
https://bugzilla.redhat.com/show_bug.cgi?id=459105