Actions
Bug #7876
closedPotential XSS in status_monitoring.php
Status:
Resolved
Priority:
Urgent
Assignee:
Category:
Status_Monitoring
Target version:
Start date:
09/19/2017
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Affected Version:
All
Affected Plus Version:
Affected Architecture:
All
Description
The "view" variable in status_monitoring.php is taken from $_GET and used in a hidden input ("view-title") without encoding, thus user-supplied input from GET is being put directly in the resulting HTML, resulting in an XSS vector.
Updated by Jim Pingle over 7 years ago
- Status changed from Confirmed to Feedback
Fixes pushed to the freebsd-ports repo:
FreeBSD-ports/devel f044c1e4e3f647028c57ae1a572dc6377e555ff3
FreeBSD-ports/RELENG_2_4_0 c919d10d1194da689a18905801bfe86ceef82230
FreeBSD-ports/RELENG_2_3 0db1ce65a93b063c268aaed477252197d566da03
FreeBSD-ports/RELENG_2_3_4 c3c919d640ff0a7319b8f080184bb90dabc7807e
Updated by Jim Pingle over 7 years ago
- Status changed from Feedback to Resolved
Confirmed fixed on the latest snapshot.
Actions