http://bugzilla.opensuse.org/show_bug.cgi?id=1131952

Bug ID: 1131952
Summary: VUL-1: CVE-2019-11025: cacti: an XSS vulnerability exists due to missing escape before printing the SNMP community string
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/229228/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: liedke@rz.uni-mannheim.de
Reporter: atoptsoglou@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2019-11025

In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11025
http://www.cvedetails.com/cve/CVE-2019-11025/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11025
https://github.com/Cacti/cacti/issues/2581
https://github.com/Cacti/cacti/compare/6ea486a...99995bb