Bug #9499: Potential XSS in status_filter_reload.php via NAT rule description - pfSense - pfSense bugtracker

Actions

Copy link

Bug #9499

closed

Potential XSS in status_filter_reload.php via NAT rule description

Added by Jim Pingle over 5 years ago. Updated over 5 years ago.

Status:

Resolved

Priority:

High

Assignee:

Jim Pingle

Category:

Web Interface

Target version:

2.4.4-p3

Start date:

05/03/2019

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

All

Affected Architecture:

All

Description

status_filter_reload.php does not encode the output before display, so user-entered free-form text such as rule descriptions containing HTML can be interpreted by the browser.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #9499

Potential XSS in status_filter_reload.php via NAT rule description

Updated by Jim Pingle over 5 years ago

Updated by Jim Pingle over 5 years ago

Updated by Jim Pingle over 5 years ago

Updated by Jim Pingle over 5 years ago

Updated by Jim Pingle over 5 years ago

Updated by Jim Pingle over 5 years ago