Project

General

Profile

Actions
Copy link

Bug #4698

closed

XSS in system_authservers.php

Added by Jim Pingle over 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Web Interface
Target version:
2.2.3
Start date:
05/11/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.2
Affected Architecture:
All

Description

Reported by Nicholas Starke:

I found an XSS vulnerability in PFSense 2.2.2. Here are my notes on the vuln:

Path:
/system_authservers.php?act=new

Field: Descriptive Name
Value: " /><svg onload="prompt(9)" />

Then go to path:
/system_authservers.php

Click delete button for newly created auth server entry. Error message
contains injected script.

Bug was confirmed. Fix committed in e29271f2fb7e3490942f9f32684524348b254a9b and fd2526291a9672aa5119120495c03c4d357297f5 -- adding here for history.

No data to display

Actions
Copy link

Also available in: Atom PDF