XSS in status_filter_reload.php
I am not sure the procedure for pushing fixes like this. If I push it to gitlab will it be public? I wouldn't want to expose a security flaw until its fixed. If you type this in the URL with a pfsense box you will find it pretty easily. "status_filter_reload.php?user=</script><script>alert(1)</script>" The fix is pretty simple in status_filter_reload.php on line 169 if you change
if ("<?=$_REQUEST['user']?>" != "true")
if ("<?=htmlspecialchars($_REQUEST['user'])?>" != "true")
It works fine.
#1 Updated by Jim Pingle about 2 months ago
- Category set to Web Interface
- Priority changed from Normal to Very High
- Affected Architecture set to All
Usually we will push a fix to master and cherry pick it to the latest development and release branches, which right now would be: RELENG_2_4_2, RELENG_2_3, and RELENG_2_3_5. This bug report will remain private until whatever release(es) we put out next, at which time we'll draft an SA for it. Having the fix be public isn't a problem for cases like this.