Bug #8143
XSS in status_filter_reload.php
Status: closed
Start date: 11/28/2017
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture: All
Description
I am not sure of the procedure for pushing fixes like this. If I push it to GitLab will it be public? I wouldn't want to expose a security flaw until it's fixed.

If you type this in the URL with a pfSense box you will find it pretty easily: "status_filter_reload.php?user=</script><script>alert(1)</script>"

The fix is pretty simple. In status_filter_reload.php on line 169, if you change
if ("<?=$_REQUEST['user']?>" != "true")
to
if ("<?=htmlspecialchars($_REQUEST['user'])?>" != "true")
It works fine.
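
As an added example (not part of the original report and not pfSense code), the PHP below renders the comparison quoted above three ways, so the output of the raw value, the htmlspecialchars() change from the report, and a JavaScript-context encoding with json_encode() can be compared side by side. The function names and sample inputs are constructed for illustration, and the json_encode() variant is an assumption of this example, not the fix applied to the file.

```php
<?php
// Added example, not pfSense code: renders the JavaScript comparison from
// the report with three different encodings of the request value.

// Form quoted in the report as vulnerable: raw value inside a JS string.
function render_raw(string $user): string {
    return 'if ("' . $user . '" != "true")';
}

// Change proposed in the report: HTML-entity encoding.
function render_htmlspecialchars(string $user): string {
    return 'if ("' . htmlspecialchars($user) . '" != "true")';
}

// Alternative (assumption of this example): encode for a JavaScript context.
// json_encode() emits its own surrounding quotes and escapes backslashes;
// the JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, and
// JSON_INVALID_UTF8_SUBSTITUTE (PHP 7.2+) avoids a false return on bad UTF-8.
function render_json(string $user): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    return 'if (' . json_encode($user, $flags) . ' != "true")';
}

// Constructed inputs: the string from the report, the expected value,
// and a value ending in a backslash (not touched by htmlspecialchars()).
$samples = [
    '</script><script>alert(1)</script>',
    'true',
    'abc\\',
];

foreach ($samples as $s) {
    echo "input: $s\n";
    echo "  raw:              ", render_raw($s), "\n";
    echo "  htmlspecialchars: ", render_htmlspecialchars($s), "\n";
    echo "  json_encode:      ", render_json($s), "\n";
}
```

With the backslash input, the htmlspecialchars() rendering leaves the JavaScript string literal unterminated, while the json_encode() rendering stays a valid string literal for every input.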