Bug #9335: Stored XSS in HAProxy / haproxy_listeners_edit.php - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #9335

open

Stored XSS in HAProxy / haproxy_listeners_edit.php

Added by Jim Pingle over 5 years ago. Updated over 5 years ago.

Status:

Feedback

Priority:

Normal

Assignee:

Jim Pingle

Category:

haproxy

Target version:

Start date:

02/18/2019

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

All

Affected Plus Version:

Affected Architecture:

All

Description

There is a stored XSS on haproxy_listeners.php via parameters submitted on haproxy_listeners_edit.php:

The following parameters are not encoded before display back to the user:

desc
table_actionsaclN

Since these are free-form, they can't be fully validated, so adding encoding is sufficient.

History
Notes
Property changes

Actions

Copy link

Updated by Jim Pingle over 5 years ago

Status changed from New to Feedback
Private changed from Yes to No

fix committed in haproxy pkg v 0.59_16 and haproxy-devel pkg v 0.59_17

https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c

Package is now available for 2.4.4 users.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #9335

Stored XSS in HAProxy / haproxy_listeners_edit.php

Updated by Jim Pingle over 5 years ago