
Bug #8143

XSS in status_filter_reload.php

Added by Stephen Jones 8 months ago. Updated 7 months ago.

Status: Resolved
Priority: Very High
Assignee:
Category: Web Interface
Target version:
Start date: 11/28/2017
Due date:
% Done: 100%
Affected Version: All
Affected Architecture: All

Description

I am not sure of the procedure for pushing fixes like this. If I push it to GitLab, will it be public? I wouldn't want to expose a security flaw until it's fixed. If you type this in the URL with a pfSense box you will find it pretty easily: "status_filter_reload.php?user=</script><script>alert(1)</script>". The fix is pretty simple; in status_filter_reload.php on line 169, if you change

if ("<?=$_REQUEST['user']?>" != "true")

to

if ("<?=htmlspecialchars($_REQUEST['user'])?>" != "true")

It works fine.
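As an added illustration (not code from the bug report or from pfSense), the script below models the pattern the reporter describes: a request parameter interpolated into a JavaScript string literal inside an inline <script> tag. It renders the reporter's proof-of-concept value through the original line, through the committed htmlspecialchars() fix, and through a json_encode() variant that is the context-correct encoder for a JavaScript literal. The three render_*() helpers, the reload_status() call, the script_breakout() check and the json_encode() variant are assumptions of this example, not part of the pfSense code.

```php
<?php
// Added example modelled on the #8143 report; not pfSense code.
// reload_status() and the render_*() / script_breakout() helpers are stand-ins.
declare(strict_types=1);

// Before the fix (status_filter_reload.php line 169 as quoted in the report):
// the raw request value lands inside a JavaScript string literal.
function render_vulnerable(string $user): string
{
    return "<script>\nif (\"" . $user . "\" != \"true\") {\n"
         . "  reload_status();\n}\n</script>";
}

// The committed fix: HTML-encode the value. htmlspecialchars() turns '<'
// into '&lt;', so the value can no longer contain a literal "</script>".
function render_fixed(string $user): string
{
    return "<script>\nif (\"" . htmlspecialchars($user) . "\" != \"true\") {\n"
         . "  reload_status();\n}\n</script>";
}

// Alternative (assumption, not in the report): let json_encode() build the
// JavaScript literal itself. The HEX flags emit < > & ' " as \uXXXX escapes,
// so the output cannot form a tag inside the script body, and the JS string
// still carries the original characters once the engine decodes the escapes.
function render_json(string $user): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return "<script>\nif (" . json_encode($user, $flags) . " != \"true\") {\n"
         . "  reload_status();\n}\n</script>";
}

// The HTML tokenizer closes an inline script at the first "</script" it
// meets, regardless of JavaScript quoting. Report a breakout when any
// "</script" appears before the closing tag we appended ourselves.
function script_breakout(string $html): bool
{
    $body  = substr($html, strlen('<script>'));
    $first = stripos($body, '</script');
    $last  = strlen($body) - strlen('</script>');
    return $first !== false && $first !== $last;
}

// Reporter's proof-of-concept value for ?user=, plus the legitimate value.
$inputs = [
    'poc'  => '</script><script>alert(1)</script>',
    'true' => 'true',
];
$renderers = [
    'vulnerable' => 'render_vulnerable',
    'fixed'      => 'render_fixed',
    'json'       => 'render_json',
];
foreach ($inputs as $label => $value) {
    foreach ($renderers as $name => $fn) {
        $html = $fn($value);
        printf("%-5s via %-10s breakout=%s\n", $label, $name,
               script_breakout($html) ? 'YES' : 'no');
    }
}
```

Run it with the php command-line binary; only the "poc via vulnerable" line reports a breakout. One caveat worth keeping in mind when reading the committed fix: htmlspecialchars() is an HTML-context encoder applied inside a JavaScript string. It stops this breakout because "<" becomes "&lt;", but any quote or ampersand in a legitimate value reaches the script as an HTML entity rather than the original character, which is why the json_encode() form with the HEX flags is the one to reach for when writing a value into script context in new code.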

Associated revisions

Revision 82b1d76f
Added by Stephen Jones 8 months ago

Fixed #8143 Remove any html special characters for request variable

Revision fea5a8af
Added by Stephen Jones 8 months ago

Fixed #8143 Remove any html special characters for request variable

Revision 11b3b8e6
Added by Stephen Jones 8 months ago

Fixed #8143 Remove any html special characters for request variable

Revision 36ca9be2
Added by Stephen Jones 8 months ago

Fixed #8143 Remove any html special characters for request variable

History

#1 Updated by Jim Pingle 8 months ago

  • Category set to Web Interface
  • Priority changed from Normal to Very High
  • Affected Architecture set to All

Usually we will push a fix to master and cherry-pick it to the latest development and release branches, which right now would be: RELENG_2_4_2, RELENG_2_3, and RELENG_2_3_5. This bug report will remain private until whatever release(s) we put out next, at which time we'll draft an SA for it. Having the fix be public isn't a problem for cases like this.

#2 Updated by Stephen Jones 8 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Jim Pingle 8 months ago

  • Status changed from Feedback to Resolved
  • Target version set to 2.4.2_1
  • Affected Version set to All

This looks good in current snapshots.

#4 Updated by Jim Pingle 7 months ago

  • Private changed from Yes to No
