Bug #7497: status_dhcp_leases.php: DHCP Lease status does not encode hostname and some other data from leases file, leading to a potential XSS - pfSense - pfSense bugtracker

Actions

Copy link

Bug #7497

closed

status_dhcp_leases.php: DHCP Lease status does not encode hostname and some other data from leases file, leading to a potential XSS

Added by Jim Pingle over 7 years ago. Updated over 7 years ago.

Status:

Resolved

Priority:

Very High

Assignee:

Jim Pingle

Category:

DHCP (IPv4)

Target version:

2.3.4

Start date:

04/26/2017

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.3.x

Affected Architecture:

All

Description

A client can send a hostname containing <script> tags and the DHCP daemon will accept it and add it to the leases file. This hostname is then output as-is by the lease status view in the list and then again in action icons for the lease, leading to script execution on the client (for example).

Only affects IPv4 DHCP status, not IPv6

Confirmed on 2.4 and 2.3.x.

To me, I have a fix pending.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #7497

status_dhcp_leases.php: DHCP Lease status does not encode hostname and some other data from leases file, leading to a potential XSS

Updated by Jim Pingle over 7 years ago

Updated by Jim Pingle over 7 years ago

Updated by Jim Pingle over 7 years ago