Improper escaping of error message leads to XSS during template import preview

the XSS issue has been found on templates_import.php (Cacti 1.2.13). The vulnerability could be exploited by an attacker by forcing a user to upload a file with a "name" or "xml_path"  containing client-side code

![12](https://user-images.githubusercontent.com/35767652/88395674-06eb0000-cdf4-11ea-9e03-60a134ffb461.png)
![13](https://user-images.githubusercontent.com/35767652/88395687-0c484a80-cdf4-11ea-82d7-eb6adb071c1c.png)
![14](https://user-images.githubusercontent.com/35767652/88395702-0f433b00-cdf4-11ea-97cf-c778f775a133.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Improper escaping of error message leads to XSS during template import preview #3723

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Improper escaping of error message leads to XSS during template import preview #3723

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions