Bug #7651: firewall_nat_edit.php: dst_change JS can cause XSS with an invalid interface name - pfSense - pfSense bugtracker

Actions

Bug #7651

closed

firewall_nat_edit.php: dst_change JS can cause XSS with an invalid interface name

Added by Jim Pingle over 7 years ago. Updated over 7 years ago.

Status:

Resolved

Priority:

Very High

Assignee:

Category:

Web Interface

Target version:

Start date:

06/16/2017

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

All

Affected Architecture:

All

Description

Two problems with firewall_nat_edit.php that together can lead to XSS via the interface parameter:

Lack of input validation allows the 'interface' parameter to be saved with an invalid value (interface that does not exist) through manipulation of the source or via external submission
When an invalid interface contains code that could trigger an XSS, it would be run by the dst_change invocation on line 1213 (master)

Actions

Also available in: Atom PDF