Bug #15778
closed
Interface group members are not validated on load/save on ``interfaces_groups_edit.php``, and are printed without encoding on ``interfaces_groups.php``
Added by zhao mouren about 1 month ago.
Updated 10 days ago.
Plus Target Version:
24.11
- Subject changed from interfaces_groups_edit.php exists xss to Interface group members are not validated on load/save on ``interfaces_groups_edit.php``, and are printed without encoding on ``interfaces_groups.php``
- Description updated (diff)
- Status changed from New to Confirmed
- Assignee set to Jim Pingle
- Priority changed from Normal to High
- Target version set to 2.8.0
- Plus Target Version set to 24.11
In the future, please submit security concerns privately via the process documented at https://www.netgate.com/security
Updated subject/description to match observed behavior. Keeping public for now since it was submitted publicly.
I was able to confirm a problem here but the screenshot at the linked URL is weird in that the URL and XSS dialog in the screenshot are from interfaces_groups.php but that does not match the rest of the content in the screenshot background which is from interfaces_groups_edit.php. Might be a browser quirk or how the screenshot was created, but it's still odd. There isn't any way I could find that resulted in an XSS dialog on interfaces_groups_edit.php directly with the error message shown in the screenshot about the group already existing. The XSS appeared on interfaces_groups.php where it prints the member list, which matches the URL in the screenshot.
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Closed
Seems to be working properly on save and load in current builds.
Also available in: Atom
PDF
Updated by