Incorrect handling of fields led to potential XSS issues #4019

Closed
TheWitness opened this issue Dec 23, 2020 · 1 comment
Labels
resolved A fixed issue SECURITY A security issue reported through CVE

@TheWitness
Member

Describe the bug

There are a few places in the current code where an attacker, once having gained access to the Cacti database through a SQL injection, could modify data in tables to possibly expose a stored XSS bug in Cacti.

Expected behavior

Cacti should never allow things like this to happen.

@TheWitness TheWitness added the SECURITY A security issue reported through CVE label Dec 23, 2020
@TheWitness TheWitness added this to the v1.2.17 milestone Dec 23, 2020
TheWitness added a commit that referenced this issue Dec 23, 2020
* In a recent audit of core Cacti code, there were a few stored XSS issues that can be exposed
* Also removed a few spurious title_trims, that should no longer be a problem.
@TheWitness TheWitness added the resolved A fixed issue label Dec 23, 2020
@TheWitness
Member Author

@paulgevers, @DavidLiedke, @mortenstevens, @ddb4github

Guys, here is the second one...

@netniV netniV changed the title In a recent audit of core Cacti code, there were a few stored XSS issues that can be exposed. Correct issues with incorrect handling of fields leading to potential XSS issues Jan 4, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Apr 5, 2021
@netniV netniV changed the title Correct issues with incorrect handling of fields leading to potential XSS issues Incorrect handling of fields leading to potential XSS issues Apr 30, 2021
@netniV netniV changed the title Incorrect handling of fields leading to potential XSS issues Incorrect handling of fields led to potential XSS issues Apr 30, 2021