Bug #9866
freeradius_view_config.php: File contents are displayed without encoding
Status: Closed
Start date: 10/31/2019
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version:
Affected Architecture: All
Description
freeradius_view_config.php reads and displays the contents of several FreeRADIUS-related files. The contents are displayed without encoding, which enables potential XSS exploitation.
Updated by Jim Pingle over 4 years ago
- Status changed from New to Feedback
Fixed in FreeRADIUS3 pkg version 0.15.7_3
https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da346afca66dc244e02a
Updated by Max Leighton over 3 years ago
Tested in freeradius3 version 0.15.7_20. I see special characters are being converted as expected. This issue can be marked as resolved.
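The bug class reported in this issue, shown as an added PHP example that is not code from the pfSense FreeRADIUS package: a file viewer that writes file contents into the page unencoded, beside a version that encodes on output. The function names and the sample file contents are constructed for illustration.

```php
<?php
// Added illustration of the bug class; not the pfSense package source.
// Function names and the sample file are hypothetical/constructed.

// Unencoded: file bytes are concatenated into the page, so any markup
// stored in the file is parsed by the browser instead of shown as text.
function view_file_unencoded(string $path): string
{
    return '<pre>' . file_get_contents($path) . '</pre>';
}

// Encoded: every byte of the file is treated as data at output time.
function view_file_encoded(string $path): string
{
    $raw = @file_get_contents($path);
    if ($raw === false) {
        return '<pre>(unable to read file)</pre>';
    }
    // ENT_QUOTES also encodes ' and ", which matters if the value is ever
    // placed in an attribute. ENT_SUBSTITUTE replaces invalid UTF-8 with
    // U+FFFD; without it htmlspecialchars() returns an empty string for
    // such input and the viewer would show a blank file.
    return '<pre>' . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed sample: a config-like file holding markup and one invalid byte.
$path = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($path, "# note: <script>alert(1)</script>\nsecret = \"a&b\"\nname = caf\xE9\n");

echo view_file_unencoded($path), "\n\n";
echo view_file_encoded($path), "\n";
unlink($path);
```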