Bug 1054390 - (CVE-2017-12927) VUL-0: CVE-2017-12927: cacti: XSS in method parameter in spikekill.php.
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 42.3
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/190661/
Reported: 2017-08-18 08:47 UTC by Andreas Stieger
Modified: 2018-08-03 22:10 UTC
Found By: Security Response Team

Description Andreas Stieger 2017-08-18 08:47:46 UTC
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method
parameter in spikekill.php.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12927
https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99
https://github.com/Cacti/cacti/issues/907
Comment 1 Andreas Stieger 2017-08-23 19:01:38 UTC
https://build.opensuse.org/request/show/518436
Comment 2 Andreas Stieger 2017-09-05 21:35:01 UTC
done
Comment 3 Swamp Workflow Management 2017-09-06 01:11:29 UTC
openSUSE-SU-2017:2367-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1054390,1054742
CVE References: CVE-2017-12927,CVE-2017-12978
Sources used:
openSUSE Leap 42.3 (src):    cacti-1.1.19-22.1, cacti-spine-1.1.19-13.1
openSUSE Leap 42.2 (src):    cacti-1.1.19-16.6.1, cacti-spine-1.1.19-7.6.1
Comment 4 Swamp Workflow Management 2018-07-28 18:10:25 UTC
This is an autogenerated message for OBS integration:
This bug (1054390) was mentioned in
https://build.opensuse.org/request/show/625957 Backports:SLE-12 / cacti
Comment 5 Swamp Workflow Management 2018-08-03 22:10:08 UTC
openSUSE-OU-2018:2194-1: An update that fixes 33 vulnerabilities is now available.

Category: optional (low)
Bug References: 022564,1047512,1048102,1050950,1051633,1054390,1054742,1067163,1067164,1067166,1068028,1101024,1101139,837440,862993,867607,870821,872008,934187,937997,958863,958977,960678,965930,971357,974013
CVE References: CVE-2006-6799,CVE-2007-3112,CVE-2007-3113,CVE-2013-5588,CVE-2013-5589,CVE-2014-2326,CVE-2014-2327,CVE-2014-2328,CVE-2014-2708,CVE-2014-2709,CVE-2014-4000,CVE-2014-4002,CVE-2014-5025,CVE-2014-5026,CVE-2015-4342,CVE-2015-4634,CVE-2015-8369,CVE-2015-8377,CVE-2015-8604,CVE-2016-2313,CVE-2016-3172,CVE-2016-3659,CVE-2017-10970,CVE-2017-11163,CVE-2017-11691,CVE-2017-12065,CVE-2017-12927,CVE-2017-12978,CVE-2017-15194,CVE-2017-16641,CVE-2017-16660,CVE-2017-16661,CVE-2017-16785
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    cacti-1.1.38-2.1