
Improper escaping of error message leads to XSS during template import preview #3723

Closed
joelister opened this issue Jul 24, 2020 · 1 comment
Labels
bug Undesired behaviour confirmed Bug is confirm by dev team SECURITY A security issue reported through CVE
Milestone

Comments


joelister commented Jul 24, 2020

The XSS issue has been found on templates_import.php (Cacti 1.2.13). The vulnerability could be exploited by an attacker by forcing a user to upload a file with a "name" or "xml_path" containing client-side code.


@joelister joelister added bug Undesired behaviour unverified Some days we don't have a clue labels Jul 24, 2020
@netniV netniV changed the title the XSS issue has been found on templates_import.php (Cacti 1.2.13). The vulnerability could be exploited by an attacker by forcing a user to upload a file with a "name" or "xml_path" containing client-side code Improper escaping of error message leads to XSS during template import preview Jul 26, 2020
@netniV netniV added confirmed Bug is confirm by dev team SECURITY A security issue reported through CVE and removed unverified Some days we don't have a clue labels Jul 26, 2020
@netniV netniV added this to the v1.2.14 milestone Jul 26, 2020
netniV (Member) commented Jul 26, 2020

Thank you for reporting this to us. I have patched this now to prevent the message from being used to report an issue.

If you do obtain a CVE for this, we can update the changelog afterwards.
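An added illustration of the sink described in the report and of the output-escaping fix, written here as example PHP and not Cacti's own code; only the field names "name" and "xml_path" come from the report, while the message wording, the helper names and the sample values are assumptions:

```php
<?php
// Added example, not Cacti code: an import-preview error message that
// interpolates values parsed from an uploaded template file is an XSS sink;
// escaping each untrusted value at output closes it.

// Constructed sample: field values as an attacker-supplied template could carry them.
$entry = [
    'name'     => 'Bad Template<script>alert(1)</script>',
    'xml_path' => 'hash_placeholder_<b>bogus</b>',
];

// Vulnerable pattern: raw interpolation of untrusted values into HTML.
function preview_error_unsafe(array $entry): string {
    return '<p class="error">Unable to import ' . $entry['name'] .
           ' (' . $entry['xml_path'] . ')</p>';
}

// Hardened pattern: escape every untrusted value for the HTML context it lands in.
// ENT_QUOTES also escapes quotes, so the same helper is safe inside attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function preview_error_safe(array $entry): string {
    return '<p class="error">Unable to import ' . h($entry['name']) .
           ' (' . h($entry['xml_path']) . ')</p>';
}

$unsafe = preview_error_unsafe($entry);
$safe   = preview_error_safe($entry);

// Self-check: the raw message carries a live <script> tag, the escaped one only
// carries the inert text "&lt;script&gt;" that the browser renders literally.
if (strpos($unsafe, '<script>') === false
    || strpos($safe, '<script>') !== false
    || strpos($safe, '&lt;script&gt;') === false) {
    fwrite(STDERR, "escaping check failed\n");
    exit(1);
}

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
```

The escaped message still shows the user the offending name and path, so the preview loses no information; only the markup is neutralised.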

@github-actions github-actions bot locked and limited conversation to collaborators Oct 31, 2020