Bug #3459: XSS - snort package - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #3459

closed

XSS - snort package

Added by Fernando Munoz about 10 years ago. Updated about 10 years ago.

Status:

Resolved

Priority:

High

Assignee:

Category:

Snort

Target version:

Start date:

02/17/2014

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

There is no output encoding for the logfile variable, which leads to two reflected XSS point in the file snort_log_view.php, one after "Log File:" and other inside the textarea. Example:

http://ip/snort/snort_log_view.php?logfile=</textarea>XSS<marquee>ss

History
Notes
Property changes

Actions

Copy link

Updated by Renato Botelho about 10 years ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset commit:048bb82a0e2c814da90816657ecedf59fedf8dbd.

Actions

Copy link

Updated by Chris Buechler about 10 years ago

Status changed from Feedback to Resolved

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #3459

XSS - snort package

Updated by Renato Botelho about 10 years ago

Updated by Chris Buechler about 10 years ago