Project

General

Profile

Bug #7651

firewall_nat_edit.php: dst_change JS can cause XSS with an invalid interface name

Added by Jim Pingle about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Very High
Assignee:
Category:
Web Interface
Target version:
Start date:
06/16/2017
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:
All

Description

Two problems with firewall_nat_edit.php that together can lead to XSS via the interface parameter:

  • Lack of input validation allows the 'interface' parameter to be saved with an invalid value (interface that does not exist) through manipulation of the source or via external submission
  • When an invalid interface contains code that could trigger an XSS, it would be run by the dst_change invocation on line 1213 (master)

Associated revisions

Revision 9c8540ca (diff)
Added by Jim Pingle about 2 years ago

Add input validation for interface names on firewall_nat_edit.php and fix encoding of the interface name in dst_change. Fixes #7651

Revision 425174ae (diff)
Added by Jim Pingle about 2 years ago

Add input validation for interface names on firewall_nat_edit.php and fix encoding of the interface name in dst_change. Fixes #7651

Revision bae3b2be (diff)
Added by Jim Pingle about 2 years ago

Add input validation for interface names on firewall_nat_edit.php and fix encoding of the interface name in dst_change. Fixes #7651

History

#1 Updated by Jim Pingle about 2 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

Fixed

#3 Updated by Jim Pingle almost 2 years ago

  • Private changed from Yes to No

Also available in: Atom PDF