Lack of escaping on template import can lead to XSS exposure #3628

Closed
cpelliccioni opened this issue Jun 18, 2020 · 2 comments
Labels: bug (Undesired behaviour), resolved (A fixed issue)
cpelliccioni commented Jun 18, 2020

An XSS issue has been found on templates_import.php (Cacti 1.2.12). The vulnerability could be exploited by an attacker by forcing a user to upload a file with a name containing client-side code.

<img src=# onerror=alert(document.domain)>.php

Go to http://127.0.0.1/cacti/templates_report.php and upload the file. An alert box with the current IP or domain will be shown.

CVE-2020-14424

@cpelliccioni cpelliccioni added bug Undesired behaviour unverified Some days we don't have a clue labels Jun 18, 2020
@cpelliccioni cpelliccioni changed the title XSS on templates_import.php XSS on templates_import.php (Cacti 1.2.12) Jun 18, 2020
@TheWitness
Member

Man, that's creative ;). Great work.

TheWitness added a commit that referenced this issue Jun 19, 2020
XSS on templates_import.php for CVE-2020-14424
@TheWitness TheWitness added resolved A fixed issue and removed unverified Some days we don't have a clue labels Jun 19, 2020
@TheWitness
Member

@cpelliccioni, update to the 1.2.x branch and see if you can reproduce. If not, please close. Note, you will have to reload the various main.js files for the themes before testing.

@TheWitness TheWitness added this to the 1.2.13 milestone Jun 28, 2020
@netniV netniV changed the title XSS on templates_import.php (Cacti 1.2.12) Lack of escaping on template import can lead to XSS exposure Jul 12, 2020
@github-actions github-actions bot locked and limited conversation to collaborators Oct 11, 2020
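
The report above comes down to a client-supplied file name being written into page markup without output encoding. As an added illustration (not Cacti's code and not the fix that was committed; the function names and the `file-label` class are hypothetical), this contrasts unescaped and escaped rendering of the reported file name:

```javascript
// Added example: all names here are hypothetical, not taken from Cacti.

// Characters that change meaning in HTML text or quoted attribute context.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a string for safe use in HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// BEFORE: the file name is concatenated into markup as-is, so any tags
// in the name become part of the page.
function renderFileLabelUnsafe(fileName) {
  return '<span class="file-label">' + fileName + '</span>';
}

// AFTER: the name is encoded at the point of output and is shown as text.
function renderFileLabelSafe(fileName) {
  return '<span class="file-label">' + escapeHtml(fileName) + '</span>';
}

// Triage helper: flag names carrying markup characters so they can be
// logged or rejected before they are ever displayed.
function hasMarkupChars(fileName) {
  return /[<>"'&]/.test(String(fileName));
}

// File name from the issue report, plus a constructed benign name.
const reported = '<img src=# onerror=alert(document.domain)>.php';
const benign = 'cacti_host_template_linux.xml'; // constructed sample

function demo() {
  return {
    unsafe: renderFileLabelUnsafe(reported),
    safe: renderFileLabelSafe(reported),
    flaggedReported: hasMarkupChars(reported),
    flaggedBenign: hasMarkupChars(benign),
  };
}

console.log(demo());
```

Encoding belongs at every place the name is output, server-rendered HTML as well as client-side script, since a file name is attacker-controlled input like any other request field.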