[Pkg-cacti-maint] Bug#869848: cacti: Cross-site scripting vulnerability in auth_profile.php
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 27 02:58:59 UTC 2017
Source: cacti
Version: 1.1.13+ds1-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://github.com/Cacti/cacti/issues/867
Hi
There is a XSS vulnerability in auth_profile.php which can be taken
advantage from by authenticated users:
Upstream issue: https://github.com/Cacti/cacti/issues/867
Upstream fix: https://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c
A CVE has been requested.
Regards,
Salvatore
More information about the Pkg-cacti-maint
mailing list