Bug #11616: Potential stored XSS vulnerability in services_wol.php - pfSense - pfSense bugtracker

Actions

Copy link

Bug #11616

closed

Potential stored XSS vulnerability in services_wol.php

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

High

Assignee:

Jim Pingle

Category:

Wake on LAN

Target version:

2.5.1

Start date:

03/03/2021

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Default

Affected Version:

All

Affected Architecture:

Description

There is a potential stored XSS in services_wol.php.

When waking all devices (services_wol.php?wakeall=true) the page prints the WOL entry description without encoding, which can result in a stored XSS vulnerability.

Steps to reproduce:

Services > Wake on LAN
Create a WOL entry with a description such as <script>alert(1)</script>
Services > Wake on LAN
Click "Wake All Devices"

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #11616

Potential stored XSS vulnerability in services_wol.php

Updated by Jim Pingle over 3 years ago

Updated by Jim Pingle over 3 years ago

Updated by Jim Pingle over 3 years ago