Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues #4576

Closed
TheWitness opened this issue Feb 27, 2022 · 0 comments
Labels
bug Undesired behaviour SECURITY A security issue reported through CVE
Milestone

Comments

@TheWitness
Copy link
Member

Describe the bug

If any of the above Cacti Graph objects have a title with an stored XSS script value, it can be executed during Cacti's Callback process. This can lead to XSS issues in Cacti.

To Reproduce

Steps to reproduce the behavior:

  1. Save an object above with a title of <script>alert('something');<?script>

  2. Goto any Cacti page that includes one of these object callbacks

  3. Search on something

  4. See error

Expected behavior

Less bugs in Cacti!

@TheWitness TheWitness added bug Undesired behaviour SECURITY A security issue reported through CVE labels Feb 27, 2022
@TheWitness TheWitness added this to the v1.2.20 milestone Feb 27, 2022
TheWitness added a commit that referenced this issue Feb 27, 2022
#4578, #4574

-security#4576: Stored XSS Issue in Cacti Device, Graph, Graph Template, and Graph Items callbacks
-security#4579: Cacti account lockout policies are not properly applied to LDAP and Domain Users
-issue#4573: The Cacti permission system does not scale to very large installations
-issue#4575: When you delete a user, their 'remember me' cookie data is not automatically removed
-issue#4576: Stored XSS Issue in Cacti Device, Graph, Graph Template, and Graph Items callbacks
-issue#4577: Cacti allows you to disable the currently logged in administrator disabling the user
-issue#4578: The Cacti login algorithm is complicated to understand due to too much strait line code
-feature#4574: Cacti needs some additional permission methods for larger installations

This change properly documents the file lib/auth.php using phpDocument format, and performed multiple sanity and readability changes such as the renaming of variables commonly used in multiple functions.

The the restructuring of the three authentication files:

- auth_login.php
- include/auth.php
- lib/auth.php

Makes the code more readable, it's not a complete solution, however, it is much easier to follow now.
@netniV netniV changed the title Stored XSS Issue in Cacti Device, Graph, Graph Template, and Graph Items callbacks Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues Apr 3, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Dec 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour SECURITY A security issue reported through CVE
Projects
None yet
Development

No branches or pull requests

1 participant