
Bug 628480 (CVE-2017-12978)

Summary: <net-analyzer/cacti-1.1.20: XSS via the title field of an external link (CVE-2017-12978)
Product: Gentoo Security
Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: C4 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 626992    
Bug Blocks:    

Description Aleksandr Wagner (Kivak) 2017-08-21 07:59:31 UTC
CVE-2017-12978 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12978):

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. 

References:

https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG#L18
https://github.com/Cacti/cacti/issues/918
https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-21 13:39:57 UTC
Stabilization will happen in bug 626992.