Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 760705 (CVE-2020-25706) - <net-analyzer/cacti-1.2.14: XSS in templates_import.php (CVE-2020-25706)
Summary: <net-analyzer/cacti-1.2.14: XSS in templates_import.php (CVE-2020-25706)
Status: RESOLVED FIXED
Alias: CVE-2020-25706
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://github.com/Cacti/cacti/issues...
Whiteboard: B4 [noglsa]
Keywords: CC-ARCHES
Depends on:
Blocks:
 
Reported: 2020-12-19 08:23 UTC by John Helmert III
Modified: 2020-12-29 06:44 UTC (History)
1 user (show)

See Also:
Package list:
net-analyzer/cacti-1.2.14
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-19 08:23:01 UTC
CVE-2020-25706:

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field


Please stabilize when ready.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-12-20 16:41:01 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-12-24 10:03:52 UTC
amd64 stable
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-29 06:43:59 UTC
sparc stable
Comment 4 Larry the Git Cow gentoo-dev 2020-12-29 06:44:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46478d39248628c5ba118839a7e051f519408792

commit 46478d39248628c5ba118839a7e051f519408792
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-12-29 06:44:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-29 06:44:24 +0000

    net-analyzer/cacti: security cleanup
    
    Bug: https://bugs.gentoo.org/760705
    Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/cacti/Manifest            |  1 -
 net-analyzer/cacti/cacti-1.2.13.ebuild | 48 ----------------------------------
 2 files changed, 49 deletions(-)