Bug #15250
Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.
Status: Closed (100% done)
Description
Both haproxy_listeners_edit.php and haproxy_pool_edit.php define a custom cell drawing function which, unlike the standard one in the package, lacks encoding for its values when they are displayed.
As a consequence, values entered into the fields for frontend listener custom actions and backend ACL actions are printed back to the user without encoding, allowing HTML values to be passed which are then interpreted by the browser.
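As an added illustration of the pattern the description refers to (this is not code from the page or from the pfSense haproxy package, and the function names draw_cell_unsafe() and draw_cell_safe() are hypothetical), the first function interpolates a stored value into a table cell verbatim, so markup in it is interpreted by the browser; the second HTML-encodes the value on output with PHP's htmlspecialchars(). Whether the upstream fix uses that exact call is not stated on this page.

```php
<?php
// Added example, not code from the pfSense haproxy package. The two function
// names are hypothetical stand-ins for the package's custom cell-drawing
// function before and after the fix.

// Mirrors the defect in the description: the stored value is written into the
// cell as-is, so any HTML in it reaches the browser intact.
function draw_cell_unsafe(string $value): string
{
    return "<td>" . $value . "</td>";
}

// Hardened form: encode every value at the point it is emitted. ENT_QUOTES also
// encodes single and double quotes, so the same helper is safe inside
// attribute values; ENT_SUBSTITUTE avoids returning an empty string on
// malformed UTF-8 (which would silently drop the value instead of showing it).
function draw_cell_safe(string $value): string
{
    return "<td>" . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
}

// Constructed sample input: a backend ACL action string carrying a script
// payload, the kind of value a user could enter into the action field.
$sample = 'use_backend web_pool if is_api <script>alert(document.cookie)</script>';

// With the unsafe cell the <script> tag survives verbatim; with the safe cell
// it comes back as &lt;script&gt;...&lt;/script&gt; and renders as plain text.
echo draw_cell_unsafe($sample), PHP_EOL;
echo draw_cell_safe($sample), PHP_EOL;
```

A quick post-upgrade check for an installed package: enter a harmless marker such as `<b>x</b>` in a frontend custom action or backend ACL action field, save, and reopen the edit page. If the marker is shown literally rather than as bold text, the value is being encoded on output.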
Updated by Jim Pingle about 1 year ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Fixed in https://github.com/pfsense/FreeBSD-ports/commit/953068694131b523e8906ee70b444c59c53d3eff
Fix also merged back into Plus 23.09.1, Plus 23.09, CE 2.7.2, CE 2.7.1 branches.
Updated by Jim Pingle about 1 year ago
- Private changed from Yes to No
Updated packages are now available.
Updated by Kris Phillips about 1 year ago
Updated 0.63_3 package is available in 24.03 repos, but has not yet been merged into 23.09.1. Package 0.63_2 is still the current package available.
Updated by Jim Pingle about 1 year ago
- Status changed from Feedback to Resolved
That is the latest version for 23.09.1. The version on dev snaps had already had a port revision bump for a change that wasn't backward compatible, so they were bumped independently so that dev snapshots were still a higher version, to ensure they would still be reinstalled on upgrade. Both branches/versions have this change included.