Bug #16116
closed
Potential XSS in Wake on LAN page and widget
100%
Description
The page at services_wol_edit.php does not perform sufficient validation on the interface value submitted by users when creating or editing a WoL entry. This value is sent back to the user without encoding in the WOL list on services_wol.php and on the dashboard widget wake_on_lan.widget.php, which is a potential XSS vector.
Creating a new entry with the following data reproduces the problem condition:
{
"interface": "wan\"><script>alert('XSS')</script>",
"mac": "aa:bb:cc:dd:ee:00",
"descr": "XSS+Test",
"save": "Save"
}
Files
Updated by Jim Pingle about 2 months ago
- File poc-xss-wol-16116.py added
- Description updated (diff)
Attached is a small proof of concept script which can trigger the problem. Ensure there is no WOL entry named "XSS Test" before running the script.
After running the script, an XSS alert will appear on services_wol.php and on the Dashboard if the WOL widget is active.
Updated by Jim Pingle about 2 months ago
- File poc-xss-wol-16116.py poc-xss-wol-16116.py added
Updated POC
Updated by Jim Pingle about 2 months ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset 6a92af14584d22f077e1421e952674f880cd5b6c.
Updated by Georgiy Tyutyunnik 26 days ago
tested, reproduced on 25.07.a.20250331.2135
fixed in 25.07.a.20250409.0600 and later