CVE-2020-25706

Опубликовано: 12 нояб. 2020

Источник: debian

Описание

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cacti	fixed	1.2.14+ds1-1		package
cacti	not-affected		stretch	package

Примечания

https://github.com/Cacti/cacti/issues/3723
https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
introduced by https://github.com/Cacti/cacti/commit/0ba5711f09338a7019ed5622701a7effd83ba701

Связанные уязвимости

CVE-2020-25706

CVSS3: 5.4

ubuntu

около 5 лет назад

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

CVE-2020-25706

CVSS3: 5.4

nvd

около 5 лет назад

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

GHSA-7q49-9j54-8r38

CVSS3: 6.1

github

больше 3 лет назад

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field