Update Info

openSUSE-2021-1190


Security update for cacti, cacti-spine


Type: security
Severity: moderate
Issued: 2021-08-25
Description:
This update for cacti, cacti-spine fixes the following issues:

cacti-spine 1.2.18:

* Fix missing time parameter on FROM_UNIXTIME function

cacti 1.2.18:

* CVE-2020-14424: Lack of escaping on template import can lead to
  XSS exposure under 'midwinter' theme (boo#1188188)
* Real time graphs can expose XSS issue


              

Packages


  • cacti-spine-1.2.18-bp153.2.3.1
  • cacti-1.2.18-bp153.2.3.1