Bug #8143
closed
XSS in status_filter_reload.php
100%
Description
I am not sure the procedure for pushing fixes like this. If I push it to gitlab will it be public? I wouldn't want to expose a security flaw until its fixed. If you type this in the URL with a pfsense box you will find it pretty easily. "status_filter_reload.php?user=</script><script>alert(1)</script>" The fix is pretty simple in status_filter_reload.php on line 169 if you change
if ("<?=$_REQUEST['user']?>" != "true")
to
if ("<?=htmlspecialchars($_REQUEST['user'])?>" != "true")
It works fine.
Updated by Jim Pingle over 6 years ago
- Category set to Web Interface
- Priority changed from Normal to Very High
- Affected Architecture All added
- Affected Architecture deleted (
)
Usually we will push a fix to master and cherry pick it to the latest development and release branches, which right now would be: RELENG_2_4_2, RELENG_2_3, and RELENG_2_3_5. This bug report will remain private until whatever release(es) we put out next, at which time we'll draft an SA for it. Having the fix be public isn't a problem for cases like this.
Updated by Anonymous over 6 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 82b1d76f934d793fe681c9c80da1a8e32cefc1f5.
Updated by Jim Pingle over 6 years ago
- Status changed from Feedback to Resolved
- Target version set to 2.4.2-p1
- Affected Version set to All
This looks good in current snapshots.