[Bug 1122245] VUL-1: CVE-2018-20723: cacti: cross-site scripting (XSS) vulnerability exists in color_templates.php due to lack of escaping of unintended characters in the Name field for a Color.

http://bugzilla.suse.com/show_bug.cgi?id=1122245 http://bugzilla.suse.com/show_bug.cgi?id=1122245#c6 --- Comment #6 from Swamp Workflow Management --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.