Bug 1218358 (CVE-2023-50569)

Summary: VUL-0: CVE-2023-50569: cacti: Reflected Cross Site Scripting (XSS) vulnerability in Cacti
Product: [openSUSE] openSUSE Distribution Reporter: SMASH SMASH <smash_bz>
Component: OtherAssignee: Paolo Stivanin <pstivanin>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: andrea.mattiazzo, Andreas.Stieger
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/389196/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-12-22 14:23:09 UTC 
Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50569
https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf#file-gistfile1-txt
Comment 3 Andreas Stieger 2023-12-24 13:10:50 UTC 
Duplicate assignment of CVE-2023-50250 / https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73

*** This bug has been marked as a duplicate of bug 1218380 ***