SUSE Package Hub - openSUSE-2021-1190

Update Info

openSUSE-2021-1190

Security update for cacti, cacti-spine

Type: security

Severity: moderate

Issued: 2021-08-25

Description:

This update for cacti, cacti-spine fixes the following issues:

cacti-spine 1.2.18:

* Fix missing time parameter on FROM_UNIXTIME function

cacti 1.2.18:

* CVE-2020-14424: Lack of escaping on template import can lead to
  XSS exposure under 'midwinter' theme (boo#1188188)
* Real time graphs can expose XSS issue

References

Packages

cacti-spine-1.2.18-bp153.2.3.1

cacti-1.2.18-bp153.2.3.1