Security update for cacti, cacti-spine SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1190-1 Final 1 1 2021-08-25T15:55:18Z current 2021-08-25T15:55:18Z 2021-08-25T15:55:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for cacti, cacti-spine This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.18: * Fix missing time parameter on FROM_UNIXTIME function cacti 1.2.18: * CVE-2020-14424: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (boo#1188188) * Real time graphs can expose XSS issue The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1190 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JBZLNMUSFBOJOEX22NOPCJOWBJDHPBAA/ E-Mail link for openSUSE-SU-2021:1190-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1188188 SUSE Bug 1188188 https://www.suse.com/security/cve/CVE-2020-14424/ SUSE CVE CVE-2020-14424 page SUSE Package Hub 12 SUSE Package Hub 15 SP3 openSUSE Leap 15.2 openSUSE Leap 15.3 cacti-1.2.18-bp153.2.3.1 cacti-spine-1.2.18-bp153.2.3.1 cacti-1.2.18-bp153.2.3.1 as a component of SUSE Package Hub 12 cacti-spine-1.2.18-bp153.2.3.1 as a component of SUSE Package Hub 12 cacti-1.2.18-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 cacti-spine-1.2.18-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 cacti-1.2.18-bp153.2.3.1 as a component of openSUSE Leap 15.2 cacti-spine-1.2.18-bp153.2.3.1 as a component of openSUSE Leap 15.2 cacti-1.2.18-bp153.2.3.1 as a component of openSUSE Leap 15.3 cacti-spine-1.2.18-bp153.2.3.1 as a component of openSUSE Leap 15.3 Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. CVE-2020-14424 SUSE Package Hub 12:cacti-1.2.18-bp153.2.3.1 SUSE Package Hub 12:cacti-spine-1.2.18-bp153.2.3.1 SUSE Package Hub 15 SP3:cacti-1.2.18-bp153.2.3.1 SUSE Package Hub 15 SP3:cacti-spine-1.2.18-bp153.2.3.1 openSUSE Leap 15.2:cacti-1.2.18-bp153.2.3.1 openSUSE Leap 15.2:cacti-spine-1.2.18-bp153.2.3.1 openSUSE Leap 15.3:cacti-1.2.18-bp153.2.3.1 openSUSE Leap 15.3:cacti-spine-1.2.18-bp153.2.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JBZLNMUSFBOJOEX22NOPCJOWBJDHPBAA/ https://www.suse.com/security/cve/CVE-2020-14424.html CVE-2020-14424 https://bugzilla.suse.com/1188188 SUSE Bug 1188188