CVE-2020-7106

Priority
Description
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php,
graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and
user_group_admin.php, as demonstrated by the description parameter in
data_sources.php (a raw string from the database that is displayed by
$header to trigger the XSS).
Notes
Package
Source: cacti (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 19.10 (Eoan Ermine): needs-triage
Ubuntu 20.04 (Focal Fossa): needs-triage
Patches:
Upstream: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
More Information

Updated: 2020-01-29 19:05:40 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)