Bug #5876: system_gateway_groups_edit.php: Gateway description is printed without escaping - pfSense - pfSense bugtracker

Actions

Copy link

Bug #5876

closed

system_gateway_groups_edit.php: Gateway description is printed without escaping

Added by Jim Pingle almost 10 years ago. Updated almost 9 years ago.

Status:

Resolved

Priority:

Urgent

Assignee:

Jim Pingle

Category:

Gateways

Target version:

Start date:

02/10/2016

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2.5

Affected Architecture:

Description

On system_gateway_groups_edit.php, if a gateway has a description using a string containing JS, it will show up here and be executed. The description needs escaping before display.

Fix is ready, will commit momentarily. Only affects 2.2.x, 2.3 does not exhibit the behavior.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #5876

system_gateway_groups_edit.php: Gateway description is printed without escaping

Updated by Jim Pingle almost 10 years ago

Updated by Jim Pingle almost 10 years ago

Updated by Jim Pingle almost 9 years ago