Bug #3461: XSS - package system - pfSense - pfSense bugtracker

Actions

Bug #3461

closed

XSS - package system

Added by Fernando Munoz over 7 years ago. Updated over 7 years ago.

Status:

Resolved

Priority:

High

Assignee:

-

Category:

Package System

Target version:

Start date:

02/17/2014

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

All

Affected Architecture:

Description

pkg parameter isn't encoded properly, it's possible to inject javascript code:

https://ip/pkg_mgr_install.php?mode=delete&pkg=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E

Actions

#1

Updated by Ermal Luçi over 7 years ago

Target version set to 2.1.1
Affected Version set to All

Actions

#2

Updated by Ermal Luçi over 7 years ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset 82921e738bb9d1a784733152822a9e976767ce3a.

Actions

#3

Updated by Ermal Luçi over 7 years ago

Applied in changeset 6766e4771ef6582212044ab8938f4757776618a4.

Actions

#4

Updated by Renato Botelho over 7 years ago

Status changed from Feedback to Resolved

Actions

Also available in: Atom PDF