Bug #9554: Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php - pfSense Packages - pfSense bugtracker

Bug #9554

Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php

Added by Chi Tran 30 days ago. Updated 27 days ago.

Status:

Feedback

Priority:

Normal

Assignee:

Jim Pingle

Category:

ACME

Target version:

Start date:

05/25/2019

Due date:

% Done:

100%

Estimated time:

Affected Version:

2.4.4-p3

Affected Architecture:

amd64

Description

Stored XSS vulnerability occurs due to input validation errors in "Name" and "Description" fields when adding new account key.

Remediation:
- HTML Escape on those parameters would probably fix the issue.

Proof of Concept:
- See attached picture

Stored XSS.PNG (34.4 KB) Stored XSS.PNG

Chi Tran, 05/25/2019 04:05 PM

History

#1 Updated by Jim Pingle 30 days ago

Project changed from pfSense to pfSense Packages
Category set to ACME
Assignee set to Jim Pingle

In the future, do not report security issues via Redmine. See https://www.netgate.com/security/

#2 Updated by Jim Pingle 30 days ago

Private changed from No to Yes

#3 Updated by Jim Pingle 27 days ago

Status changed from New to Feedback
% Done changed from 0 to 100

Fixed in ACME 0.5.8

#4 Updated by Jim Pingle 27 days ago

Private changed from Yes to No

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Issues

Custom queries