OPENSUSE-SU-2021:1190-1

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2020-14424
Published: 25 Aug 2021, 15:55
Last modified:04 Feb 2026, 03:30

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

25 Aug 2021, 15:55
Published
Vulnerability first disclosed
04 Feb 2026, 03:30
Last Modified
Vulnerability information updated

Description

Security update for cacti, cacti-spine This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.18: * Fix missing time parameter on FROM_UNIXTIME function cacti 1.2.18: * CVE-2020-14424: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (boo#1188188) * Real time graphs can expose XSS issue

Affected Systems

  • opensusecacti-spine&distro=openSUSE Leap 15.2

    < 1.2.18-bp153.2.3.1

  • opensusecacti-spine&distro=openSUSE Leap 15.3

    < 1.2.18-bp153.2.3.1

  • opensusecacti&distro=openSUSE Leap 15.2

    < 1.2.18-bp153.2.3.1

  • opensusecacti&distro=openSUSE Leap 15.3

    < 1.2.18-bp153.2.3.1

  • susecacti-spine&distro=SUSE Package Hub 12

    < 1.2.18-bp153.2.3.1

  • susecacti-spine&distro=SUSE Package Hub 15 SP3

    < 1.2.18-bp153.2.3.1

  • susecacti&distro=SUSE Package Hub 12

    < 1.2.18-bp153.2.3.1

  • susecacti&distro=SUSE Package Hub 15 SP3

    < 1.2.18-bp153.2.3.1

References (3)