Project

General

Profile

Actions

Bug #8143

closed

XSS in status_filter_reload.php

Added by Anonymous about 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
Very High
Assignee:
Category:
Web Interface
Target version:
Start date:
11/28/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

I am not sure the procedure for pushing fixes like this. If I push it to gitlab will it be public? I wouldn't want to expose a security flaw until its fixed. If you type this in the URL with a pfsense box you will find it pretty easily. "status_filter_reload.php?user=</script><script>alert(1)</script>" The fix is pretty simple in status_filter_reload.php on line 169 if you change

if ("<?=$_REQUEST['user']?>" != "true")

to
if ("<?=htmlspecialchars($_REQUEST['user'])?>" != "true")

It works fine.

Actions

Also available in: Atom PDF