[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2020:1060-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":29,"modified_at":30,"state":9,"summary":31,"references_raw":33,"kevs":71,"epss":9,"epss_history":72,"metrics":73,"affected":74},"OPENSUSE-SU-2020:1060-1","Security update for cacti, cacti-spine\n\nThis update for cacti, cacti-spine fixes the following issues:\n\n- cacti 1.2.13:\n\n  * jQuery XSS vulnerabilities require vendor package update\n    (CVE-2020-11022 / CVE-2020-11023)\n  * Lack of escaping on some pages can lead to XSS exposure\n  * Update PHPMailer to 6.1.6 (CVE-2020-13625)\n  * SQL Injection vulnerability due to input validation failure when\n    editing colors (CVE-2020-14295, boo#1173090)\n  * Lack of escaping on template import can lead to XSS exposure\n\n- switch from cron to systemd timers (boo#1115436):\n  + cacti-cron.timer\n  + cacti-cron.service\n- avoid potential root escalation on systems with fs.protected_hardlinks=0\n  (boo#1154087): handle directory permissions in file section instead\n  of using chown during post installation\n- rewrote apache configuration to get rid of .htaccess files and \n  explicitly disable directory permissions per default \n  (only allow a limited, well-known set of 
directories)\n\n",null,[],[],[],[14,16,18,20],{"_key":15},"CVE-2020-11022",{"_key":17},"CVE-2020-11023",{"_key":19},"CVE-2020-13625",{"_key":21},"CVE-2020-14295",[],[],[25,26,27,28],{"_key":15},{"_key":17},{"_key":19},{"_key":21},"2020-07-25T18:21:21Z","2026-02-04T04:27:08.288093Z",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[34,41,46,50,54,59,63,67],{"url":35,"sources":36,"tags":39},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VVPI65AW45TXMRAYCWJ6YJT3LF4GIMWL/",[37,38],"osv_suse","osv_opensuse",[40],"Advisory",{"url":42,"sources":43,"tags":44},"https://bugzilla.suse.com/1115436",[37,38],[45],"REPORT",{"url":47,"sources":48,"tags":49},"https://bugzilla.suse.com/1154087",[37,38],[45],{"url":51,"sources":52,"tags":53},"https://bugzilla.suse.com/1173090",[37,38],[45],{"url":55,"sources":56,"tags":57},"https://www.suse.com/security/cve/CVE-2020-11022",[37,38],[58],"WEB",{"url":60,"sources":61,"tags":62},"https://www.suse.com/security/cve/CVE-2020-11023",[37,38],[58],{"url":64,"sources":65,"tags":66},"https://www.suse.com/security/cve/CVE-2020-13625",[37,38],[58],{"url":68,"sources":69,"tags":70},"https://www.suse.com/security/cve/CVE-2020-14295",[37,38],[58],[],[],[],[75,88,92,99,103,109],{"ecosystem":76,"name":77,"vendor":78,"product":79,"cpe_part":9,"purl_type":80,"purl_namespace":78,"purl_name":79,"source":9,"versions":81},"openSUSE","cacti-spine","opensuse","cacti-spine&distro=openSUSE Leap 15.1","rpm",[82],{"version":83,"is_range":84,"range_type":85,"version_start":9,"version_start_type":9,"version_end":86,"version_end_type":87,"fixed_in":9},"lt1_2_13_8_1",true,"ecosystem","1.2.13-8.1","excluding",{"ecosystem":76,"name":77,"vendor":78,"product":89,"cpe_part":9,"purl_type":80,"purl_namespace":78,"purl_name":89,"source":9,"versions":90},"cacti-spine&distro=openSUSE 
Leap 15.2",[91],{"version":83,"is_range":84,"range_type":85,"version_start":9,"version_start_type":9,"version_end":86,"version_end_type":87,"fixed_in":9},{"ecosystem":76,"name":93,"vendor":78,"product":94,"cpe_part":9,"purl_type":80,"purl_namespace":78,"purl_name":94,"source":9,"versions":95},"cacti","cacti&distro=openSUSE Leap 15.1",[96],{"version":97,"is_range":84,"range_type":85,"version_start":9,"version_start_type":9,"version_end":98,"version_end_type":87,"fixed_in":9},"lt1_2_13_11_1","1.2.13-11.1",{"ecosystem":76,"name":93,"vendor":78,"product":100,"cpe_part":9,"purl_type":80,"purl_namespace":78,"purl_name":100,"source":9,"versions":101},"cacti&distro=openSUSE Leap 15.2",[102],{"version":97,"is_range":84,"range_type":85,"version_start":9,"version_start_type":9,"version_end":98,"version_end_type":87,"fixed_in":9},{"ecosystem":104,"name":77,"vendor":105,"product":106,"cpe_part":9,"purl_type":80,"purl_namespace":105,"purl_name":106,"source":9,"versions":107},"SUSE Linux Enterprise","suse","cacti-spine&distro=SUSE Package Hub 12",[108],{"version":83,"is_range":84,"range_type":85,"version_start":9,"version_start_type":9,"version_end":86,"version_end_type":87,"fixed_in":9},{"ecosystem":104,"name":93,"vendor":105,"product":110,"cpe_part":9,"purl_type":80,"purl_namespace":105,"purl_name":110,"source":9,"versions":111},"cacti&distro=SUSE Package Hub 12",[112],{"version":97,"is_range":84,"range_type":85,"version_start":9,"version_start_type":9,"version_end":98,"version_end_type":87,"fixed_in":9}]