Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (CVE-2020-14424) #4261

Merged
merged 2 commits into from May 17, 2021
Merged

Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (CVE-2020-14424) #4261

merged 2 commits into from May 17, 2021

Conversation

ddb4github
Copy link
Contributor

No description provided.

netniV
netniV requested changes May 14, 2021
View reviewed changes
Copy link
Member

@netniV netniV left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this relates to a change in a previous release, can you add it again to the CHANGELOG under the current version with the appropriate title?

@netniV netniV merged commit d12800a into Cacti:1.2.x May 17, 2021
@ddb4github ddb4github deleted the merge3628 branch May 18, 2021 08:48
@netniV netniV changed the title Fixed: Merge solution of #3628 to 'midwinter' theme(CVE-2020-14424) Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (CVE-2020-14424) Jul 4, 2021
@netniV netniV added this to the 1.2.18 milestone Jul 4, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Oct 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@netniV netniV netniV approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.2.18
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ddb4github @netniV