Bugzilla – Bug 1163749
VUL-0: CVE-2020-7106: cacti: Lack of escaping on some pages can lead to XSS exposure
Last modified: 2020-05-24 18:56:33 UTC
Fixed in cacti 1.2.9: security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
This is an autogenerated message for OBS integration: This bug (1163749) was mentioned in https://build.opensuse.org/request/show/774590 15.1 / cacti+cacti-spine
openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749
CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237
Sources used:
openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1
openSUSE-SU-2020:0284-1: An update that solves 10 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749
CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237
Sources used:
openSUSE Backports SLE-15-SP1 (src): cacti-1.2.9-bp151.4.3.1, cacti-spine-1.2.9-bp151.4.3.1
done
https://www.cacti.net/changelog.php
Changelog 1.2.12
security#3467: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)
https://build.opensuse.org/request/show/801089
https://build.opensuse.org/request/show/801092
https://build.opensuse.org/request/show/801094