XSS issues on multiple pages
A list of 30 XSS issues was posted publicly without following responsible disclosure practices, they all need tested/confirmed/fixed. Only 14 are unique, the rest are duplicated.
6 pages affected in total.
- Exploit Author: Ozer Goker
Updated by Jim Pingle over 3 years ago
- XSS1 - Reproduced during redirect when changing protocols, added validation for the input and redirect
- XSS2 - Unable to reproduce directly as stated, the submitted value was not printed back to the user anywhere on that page. I added validation anyhow.
- XSS3-26 - Reproduced issues with bad values displayed on firewall_rules.php via firewall_check_for_advanced_options() in guiconfig.inc. Added encoding to that function.
- XSS3/11/19 - Added DSCP value validation.
- XSS4/12/20 - Added tag value validation.
- XSS5/13/21 - Added tagged value validation.
- XSS6/14/22 - Added statetype validation.
- XSS7/15/23 - Added vlanprio validation.
- XSS8/16/24 - Added vlanprioset validation.
- XSS9/17/25 - Added dnpipe/pdnpipe validation.
- XSS10/18/26 - Added ackqueue/defaultqueue validation.
- XSS27 - Unable to reproduce as stated. New queue name field has input validation that prevents the input, old queue name is scrubbed before use when editing. Only way I could come close was to hand edit the bad value into config.xml. I added encoding to help there, but I wouldn't consider that a vulnerability as there is no way to reach that state other than directly editing the configuration.
- XSS28 - Reproduced, but the actual problem was in the entry display on services_igmpproxy.php. Added encoding there, plus input validation on services_igmpproxy_edit.php
- XSS30 - Reproduced, added encoding to the error message