Bug #13387: Input validation is not rejecting invalid description characters when editing a CA or Certificate - pfSense - pfSense bugtracker

Actions

Copy link

Bug #13387

closed

Input validation is not rejecting invalid description characters when editing a CA or Certificate

Added by Jim Pingle over 2 years ago. Updated almost 2 years ago.

Status:

Resolved

Priority:

High

Assignee:

Jim Pingle

Category:

Certificates

Target version:

2.7.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

23.01

Release Notes:

Default

Affected Version:

Affected Architecture:

Description

When editing an existing CA or Certificate, the description is not validated on save the way it is validated during other action (create, sign, etc).

There are some instances where the description is displayed without encoding as it's assumed to be validated, which means there is a potential for XSS there (e.g. save messages, Issuer column displaying the CA name, perhaps others), so we should encode those for good measure in addition to the validation.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #13387

Input validation is not rejecting invalid description characters when editing a CA or Certificate

Updated by Jim Pingle over 2 years ago

Updated by Danilo Zrenjanin over 2 years ago

Updated by Jim Pingle about 2 years ago

Updated by Jim Pingle almost 2 years ago

Updated by Jim Pingle almost 2 years ago

Updated by Danilo Zrenjanin almost 2 years ago

Updated by Jim Pingle almost 2 years ago