[Bug 1122244] VUL-1: CVE-2018-20724: cacti: cross-site scripting (XSS) vulnerability exists in pollers.php due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
http://bugzilla.suse.com/show_bug.cgi?id=1122244 http://bugzilla.suse.com/show_bug.cgi?id=1122244#c5 --- Comment #5 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com