An XSS issue has been found in templates_import.php (Cacti 1.2.12). An attacker could exploit it by forcing a user to upload a file whose name contains client-side code.
<img src=# onerror=alert(document.domain)>.php
Go to http://127.0.0.1/cacti/templates_report.php and upload the file. An alert box with the current IP or domain will be shown.

CVE-2020-14424
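
The pattern behind this class of bug, next to its encoded form, as an added example that is not part of the original report and is not Cacti's own code. The function names and the `$sample` array are hypothetical; the file name is the one from the report.

```php
<?php
// Added example: hypothetical helpers, not taken from Cacti.

// Vulnerable pattern: the client-supplied upload name is concatenated
// straight into HTML, so any markup in the name is parsed by the browser.
function render_import_result_unsafe(array $file): string
{
    return '<p>Imported file: ' . $file['name'] . '</p>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes single quotes, which matters if the value is
// ever placed inside an attribute.
function render_import_result_safe(array $file): string
{
    $name = htmlspecialchars($file['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Imported file: ' . $name . '</p>';
}

// Defence in depth: reject names outside a conservative allowlist before
// the file is processed at all. The character set and length limit here
// are assumptions; adjust them to what the application really accepts.
function is_acceptable_upload_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $name) === 1;
}

// Constructed sample shaped like one entry of $_FILES.
$sample = [
    'name'     => '<img src=# onerror=alert(document.domain)>.php',
    'tmp_name' => '/tmp/phpEXAMPLE',
    'error'    => UPLOAD_ERR_OK,
];

echo "unsafe:   ", render_import_result_unsafe($sample), PHP_EOL;
echo "safe:     ", render_import_result_safe($sample), PHP_EOL;
echo "accepted: ", var_export(is_acceptable_upload_name($sample['name']), true), PHP_EOL;
```

Output encoding is the fix; the allowlist only reduces what reaches the output path and does not replace encoding.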