Bug #7876: Potential XSS in status_monitoring.php - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #7876

closed

Potential XSS in status_monitoring.php

Added by Jim Pingle about 7 years ago. Updated about 7 years ago.

Status:

Resolved

Priority:

Urgent

Assignee:

Jim Pingle

Category:

Status_Monitoring

Target version:

pfSense - 2.4.0

Start date:

09/19/2017

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Affected Version:

All

Affected Plus Version:

Affected Architecture:

All

Description

The "view" variable in status_monitoring.php is taken from $_GET and used in a hidden input ("view-title") without encoding, thus user-supplied input from GET is being put directly in the resulting HTML, resulting in an XSS vector.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #7876

Potential XSS in status_monitoring.php

Updated by Jim Pingle about 7 years ago

Updated by Jim Pingle about 7 years ago

Updated by Jim Pingle about 7 years ago

Updated by Jim Pingle about 7 years ago