
CVE-2020-7106: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106) · Issue #3191 · Cacti/cacti

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

CVE
#xss #vulnerability #php
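As an added illustration (not Cacti's own code and not the fix commit), the pattern the description names, a stored description value concatenated into a page header without escaping, next to the escaped form; the sample row, the wrapper markup and the function names are constructed for this example:

```php
<?php
// Added example for CVE-2020-7106 style stored XSS; not Cacti's own code.
// Assumes a data-source row read from the database whose 'description'
// column was previously saved from user input. The row is constructed.
$row = ['description' => "Router uplink <script>alert('x')</script>"];

// Vulnerable pattern: the stored string goes straight into the header markup.
function render_header_vulnerable(string $description): string
{
    $header = 'Data Source [' . $description . ']';   // raw DB value, no escaping
    return '<div class="page-header">' . $header . '</div>';
}

// Escape for an HTML text/attribute context. ENT_QUOTES also converts single
// quotes, ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function html_escape_value(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fixed pattern: escape at the point of output, not (only) at the point of storage,
// so every page that renders the column is covered.
function render_header_fixed(string $description): string
{
    $header = 'Data Source [' . html_escape_value($description) . ']';
    return '<div class="page-header">' . $header . '</div>';
}

// Review check: after removing the known wrapper, no '<' may survive in the
// rendered fragment, because the stored value must never contribute markup.
function contains_unescaped_tag(string $html_fragment): bool
{
    $inner = preg_replace('#^<div class="page-header">|</div>$#', '', $html_fragment);
    return strpos($inner, '<') !== false;
}

echo render_header_vulnerable($row['description']), PHP_EOL;
echo render_header_fixed($row['description']), PHP_EOL;
var_dump(contains_unescaped_tag(render_header_vulnerable($row['description'])));
var_dump(contains_unescaped_tag(render_header_fixed($row['description'])));
```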

Comments

Jan 15, 2020: 0xfatty changed the title from "Data source" to "Data source input validation error leads to Stored XSS within Description".

Jan 15, 2020: 0xfatty changed the title from "Data source input validation error leads to Stored XSS within Description" to "Device Description input validation error leads to Stored XSS in data_sources.php".

Jan 15, 2020: 0xfatty changed the title from "Device Description input validation error leads to Stored XSS in data_sources.php" to "Vulnerability report: Device Description input validation error leads to Stored XSS in data_sources.php".

Jan 16, 2020: cigamit changed the title from "Vulnerability report: Device Description input validation error leads to Stored XSS in data_sources.php" to "Vulnerability report: Lack of escaping on some pages can lead to XSS exposure".

Jan 16, 2020: cigamit added a commit that referenced this issue:

* Vulnerability report: Lack of escaping on some pages can lead to XSS exposure
* Also cleaning up additional copyrights
* Make the way filter headers are escaped consistent

Jan 17, 2020: cigamit added a commit that referenced this issue.

Jan 19, 2020: cigamit added a commit that referenced this issue:

One additional lack of proper escaping of stored database value.

Jan 23, 2020: 0xfatty pushed a commit to 0xfatty/cacti that referenced this issue.

Jan 23, 2020: 0xfatty pushed a commit to 0xfatty/cacti that referenced this issue.

Jan 23, 2020: netniV pushed a commit that referenced this issue.

Feb 10, 2020: netniV changed the title from "Vulnerability report: Lack of escaping on some pages can lead to XSS exposure" to "Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)".

Apr 16, 2020: TheWitness added a commit that referenced this issue:

Security: required more fixing like #3191 (CVE-2020-7106)

Related news

CVE-2020-8813: Releases · Cacti/cacti

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
