Bug #9554: Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php - pfSense Packages - pfSense bugtracker

Bug #9554

Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php

Added by Chi Tran 3 months ago. Updated 10 days ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

ACME

Target version:

Start date:

05/25/2019

Due date:

% Done:

100%

Estimated time:

Affected Version:

2.4.4-p3

Affected Architecture:

amd64

Description

Stored XSS vulnerability occurs due to input validation errors in "Name" and "Description" fields when adding new account key.

Remediation:
- HTML Escape on those parameters would probably fix the issue.

Proof of Concept:
- See attached picture

Stored XSS.PNG (34.4 KB) Stored XSS.PNG

Chi Tran, 05/25/2019 04:05 PM

History

#1 Updated by Jim Pingle 3 months ago

Project changed from pfSense to pfSense Packages
Category set to ACME
Assignee set to Jim Pingle

In the future, do not report security issues via Redmine. See https://www.netgate.com/security/

#2 Updated by Jim Pingle 3 months ago

Private changed from No to Yes

#3 Updated by Jim Pingle 3 months ago

Status changed from New to Feedback
% Done changed from 0 to 100

Fixed in ACME 0.5.8

#4 Updated by Jim Pingle 3 months ago

Private changed from Yes to No

#5 Updated by Jim Pingle 10 days ago

Status changed from Feedback to Resolved

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Issues

Custom queries