Project

General

Profile

Actions

Bug #7651

closed

firewall_nat_edit.php: dst_change JS can cause XSS with an invalid interface name

Added by Jim Pingle almost 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Very High
Assignee:
Category:
Web Interface
Target version:
Start date:
06/16/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

Two problems with firewall_nat_edit.php that together can lead to XSS via the interface parameter:

  • Lack of input validation allows the 'interface' parameter to be saved with an invalid value (interface that does not exist) through manipulation of the source or via external submission
  • When an invalid interface contains code that could trigger an XSS, it would be run by the dst_change invocation on line 1213 (master)
Actions

Also available in: Atom PDF