xss in spikekill.php via para method #907

Closed
kevinoclam opened this issue Aug 15, 2017 · 2 comments
Labels
spikekill Issue related to removing spikes from graphs

Comments

@kevinoclam

It's not a high-level vuln, maybe medium or low.
Line 37:
echo __("FATAL: Spike Kill method '%s' is Invalid\n", get_nfilter_request_var('method'));
should be changed to:
echo __("FATAL: Spike Kill method '%s' is Invalid\n", htmlspecialchars(get_nfilter_request_var('method')));
default
I should have found this at issue 877; I'm sorry for the delay.

chen ruiqi
codesafe team of qihoo 360
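
The change proposed in the report above, as an added example that is not part of the issue or of Cacti's code: the error message is built once from the raw `method` value and once with output encoding, behind an allow-list check. `request_var()`, the `message_*` and `handle_request()` helpers, the `ALLOWED_METHODS` values and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration, not Cacti code. request_var() is a hypothetical stand-in
// for get_nfilter_request_var(), which returns the request value unfiltered.
function request_var(array $request, string $name): string
{
    $value = $request[$name] ?? '';
    return is_string($value) ? $value : '';
}

// Before the fix: the raw value is formatted into the response body.
function message_unescaped(string $method): string
{
    return sprintf("FATAL: Spike Kill method '%s' is Invalid\n", $method);
}

// After the fix: the value is HTML-encoded where it is output.
// ENT_QUOTES also encodes ' and " (the default before PHP 8.1 left ' alone);
// ENT_SUBSTITUTE keeps invalid UTF-8 from producing an empty string.
function message_escaped(string $method): string
{
    $safe = htmlspecialchars($method, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf("FATAL: Spike Kill method '%s' is Invalid\n", $safe);
}

// Assumed allow-list, for illustration only; take the real values from spikekill.php.
const ALLOWED_METHODS = ['stddev', 'variance', 'fill', 'float'];

function handle_request(array $request): string
{
    $method = request_var($request, 'method');
    if (in_array($method, ALLOWED_METHODS, true)) {
        return "OK: method '$method' accepted\n";
    }
    return message_escaped($method);
}

// Constructed sample requests (not taken from the issue).
$samples = [
    ['method' => 'stddev'],
    ['method' => '<script>alert(1)</script>'],
    ['method' => ['nested' => 'array']],
];

foreach ($samples as $request) {
    echo 'unescaped: ', message_unescaped(request_var($request, 'method'));
    echo 'fixed:     ', handle_request($request);
}
```

For the second sample the fixed path prints the value as `&lt;script&gt;alert(1)&lt;/script&gt;`, so the browser renders it as text instead of parsing it as markup.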

cigamit added a commit that referenced this issue Aug 15, 2017
XSS in spikekill.php
@cigamit
Member

cigamit commented Aug 15, 2017

Resolved. Thanks for making Cacti a better tool!

@cigamit cigamit closed this as completed Aug 15, 2017
@carnil

carnil commented Aug 18, 2017

This issue has been assigned CVE-2017-12927

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 30, 2020
@TheWitness TheWitness added the spikekill Issue related to removing spikes from graphs label Jul 13, 2020