Bug #7650
vendor/filebrowser/browser.php: Filename parameter is unencoded which can lead to a potential XSS
Status:
closed
Start date:
06/16/2017
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All
Description
First load a file on diag_edit.php and then save it with ');alert('XSS
appended to the name, then browse and try to load the file.
In order to exploit this, the user must already have root access to the box to write a file, or write it themselves. There is no practical way to exploit this that would gain an attacker anything they couldn't get by other means with access to this page already. Still worth addressing.
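The pattern behind this class of bug, as an added illustration that is not pfSense's browser.php code: the payload shape in the report (a closing quote and parenthesis followed by a call) is what breaks out of a JavaScript string literal, so the example assumes the filename was being interpolated into an inline JavaScript call inside an HTML attribute. The function names, the hypothetical loadFile() handler and the sample filenames are constructed for the example; the hardened variant shows the two layers of encoding such a context needs.

```php
<?php
// Added example, not the project's own code. Demonstrates why an unencoded
// filename rendered into an inline onclick handler is exploitable and how to
// encode it correctly for both the JavaScript and the HTML attribute contexts.

// Constructed sample filenames; the second mimics the shape of the reported payload.
$filenames = [
    "config.xml",
    "notes');alert('XSS",
];

// VULNERABLE pattern (assumed reconstruction of the bug class, not the real code):
// the raw filename lands inside a JS string literal inside an HTML attribute.
// A single quote in the name terminates the literal and the remainder is
// parsed as JavaScript when the link is clicked.
function vulnerable_link(string $name): string {
    return "<a href=\"#\" onclick=\"loadFile('$name')\">$name</a>";
}

// HARDENED pattern: encode for the innermost context first. json_encode()
// yields a quoted JS string literal with quotes, backslashes and control
// characters escaped (the JSON_HEX_* flags also hex-escape <, >, ', " and &),
// then htmlspecialchars() encodes the whole handler for the attribute context.
// The visible link text is HTML-encoded separately, since it is a different context.
function safe_link(string $name): string {
    $js_literal = json_encode($name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    $handler    = htmlspecialchars("loadFile($js_literal)", ENT_QUOTES, 'UTF-8');
    $text       = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return "<a href=\"#\" onclick=\"$handler\">$text</a>";
}

// Quick check that the hardened output never contains a raw quote that could
// close the JS literal or the attribute. Returns true when no raw ' or " remains
// in the attribute value after HTML decoding apart from the JSON delimiters.
function handler_is_contained(string $name): bool {
    $handler = htmlspecialchars("loadFile(" . json_encode($name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ")", ENT_QUOTES, 'UTF-8');
    // The encoded attribute value must contain no raw quote characters at all.
    return strpbrk($handler, "'\"") === false;
}

foreach ($filenames as $name) {
    echo "vulnerable: " . vulnerable_link($name) . "\n";
    echo "hardened:   " . safe_link($name) . "\n";
    echo "contained:  " . (handler_is_contained($name) ? "yes" : "no") . "\n\n";
}
```

For the second filename the vulnerable variant emits `onclick="loadFile('notes');alert('XSS')"`, which is exactly the breakout the report describes, while the hardened variant emits a handler whose only quotes are the HTML-encoded JSON delimiters. The cleaner design is to avoid inline JavaScript altogether: put the filename in a `data-` attribute (HTML-encoded once) and attach the click handler from a script, so there is only one encoding context to get right.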