Bug #8302: traffic_graphs.widget.php potential XSS via settings - pfSense - pfSense bugtracker

Actions

Copy link

Bug #8302

closed

traffic_graphs.widget.php potential XSS via settings

Added by Jim Pingle almost 7 years ago. Updated over 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

Dashboard

Target version:

2.4.3

Start date:

01/29/2018

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4.x

Affected Architecture:

All

Description

traffic_graphs.widget.php does not perform input validation on its settings, which can lead to a potential XSS due to the way the settings are used in JavaScript.

The widget needs input validation and to encode the setting output before use.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #8302

traffic_graphs.widget.php potential XSS via settings

Updated by Jim Pingle almost 7 years ago

Updated by Anonymous over 6 years ago

Updated by Jim Pingle over 6 years ago

Updated by Jim Pingle over 6 years ago