Real time graphs can expose XSS issue #4276

merged 2 commits into from May 19, 2021

@ddb4github ddb4github commented May 19, 2021

Reproduce Step:
Access URL:

https://127.0.0.1/cacti/graph_realtime.php?action=init&top=0&left=0&local_graph_id=19&graph_start=-60&ds_step=10&count=0&size=100&graph_nolegend=falsehzr6g%3cimg%20src%3da%20onerror%3dalert(document.URL)%3epdzi5https://127.0.0.1/cacti/auth_profile.php?action=edit&headercontent=true&_=1618915792978

@TheWitness TheWitness merged commit b19f780 into Cacti:1.2.x May 19, 2021
@ddb4github ddb4github deleted the xssfixing branch May 20, 2021 03:21
@netniV netniV changed the title Fixed: XSS issue in graph_realtime.php Real time graphs can expose XSS issue Jul 4, 2021
@netniV netniV added the SECURITY A security issue reported through CVE label Jul 4, 2021
@netniV netniV added this to the 1.2.18 milestone Jul 4, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Oct 3, 2021
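
The input handling this report calls for, sketched as an added example that is not Cacti's code and not the change merged in this pull request: each parameter from the reproduction URL is checked against the type its sample value suggests, and anything echoed back is HTML-encoded. The expected types, `REALTIME_PARAMS`, `validate_realtime_params` and `html_out` are assumptions made for illustration; `action` is left out because the page shows only one of its values.

```php
<?php
// Added example, not Cacti's code. Expected types are assumptions read off
// the sample values in the reproduction URL; all names are hypothetical.
const REALTIME_PARAMS = [
    'top'            => FILTER_VALIDATE_INT,
    'left'           => FILTER_VALIDATE_INT,
    'local_graph_id' => FILTER_VALIDATE_INT,
    'graph_start'    => FILTER_VALIDATE_INT,
    'ds_step'        => FILTER_VALIDATE_INT,
    'count'          => FILTER_VALIDATE_INT,
    'size'           => FILTER_VALIDATE_INT,
    'graph_nolegend' => FILTER_VALIDATE_BOOLEAN,
];

// Returns [clean typed values, names of parameters that failed validation].
function validate_realtime_params(array $query): array
{
    $clean = [];
    $rejected = [];
    foreach (REALTIME_PARAMS as $name => $filter) {
        if (!array_key_exists($name, $query)) {
            continue;
        }
        $raw = $query[$name];
        // Arrays (name[]=x) are rejected. FILTER_NULL_ON_FAILURE keeps a valid
        // boolean false distinguishable from a validation failure (null).
        $value = is_string($raw) ? filter_var($raw, $filter, FILTER_NULL_ON_FAILURE) : null;
        if ($value === null) {
            $rejected[] = $name;
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $rejected];
}

// Encode anything that still has to be written into the HTML response.
function html_out(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed query string: the page's parameters with a harmless markup suffix.
$sample = 'top=0&left=0&local_graph_id=19&graph_start=-60&ds_step=10'
        . '&count=0&size=100&graph_nolegend=false%3Cb%3Emarker';
parse_str($sample, $query);
[$clean, $rejected] = validate_realtime_params($query);

echo 'accepted: ' . implode(', ', array_keys($clean)) . PHP_EOL;
echo 'rejected: ' . implode(', ', $rejected) . PHP_EOL;
echo 'encoded:  ' . html_out($query['graph_nolegend']) . PHP_EOL;
```

Validation and encoding are both shown because they cover different failures: the type check stops the request early, and the encoder protects any code path that still prints a raw value.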