Overview

File _patchinfo of Package patchinfo.16868

<patchinfo incident="16868">
  <issue tracker="cve" id="2020-14424"/>
  <issue tracker="bnc" id="1188188">VUL-0: CVE-2020-14424: cacti: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme</issue>
  <packager>AndreasStieger</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for cacti, cacti-spine</summary>
  <description>This update for cacti, cacti-spine fixes the following issues:

cacti-spine 1.2.18:

* Fix missing time parameter on FROM_UNIXTIME function

cacti 1.2.18:

* CVE-2020-14424: Lack of escaping on template import can lead to
  XSS exposure under 'midwinter' theme (boo#1188188)
* Real time graphs can expose XSS issue

This update was imported from the openSUSE:Leap:15.2:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places