Project

General

Profile

Actions

Bug #991

closed

multiple XSS issues

Added by dave b almost 14 years ago. Updated almost 14 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
Start date:
11/04/2010
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

/pkg_edit.php?xml=olsrd.xml&id=%22/%3E%3Cscript%3Ealert%282%29;%3C/script%3E/status_graph.php?if=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
/graph.php?ifnum=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&ifname=
/graph.php?ifnum=&ifname=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E

Actions #1

Updated by Chris Buechler almost 14 years ago

  • Subject changed from issue 2 THIS ONLY AFFECTS BETA 4 2.0 to multiple XSS issues
  • Category set to Web Interface

please don't open a bunch of tickets where there is only one issue.

Actions #2

Updated by dave b almost 14 years ago

Chris Buechler wrote:

please don't open a bunch of tickets where there is only one issue.

OH so you think I did that to annoy you?
Really. So you went and closed my bugs in the different web components, highlighting which versions were affected by what?
So I that for fun ...?
Try no.

While pfsense is awesome, imho you sir are not helping here...

Actions #3

Updated by Scott Ullrich almost 14 years ago

We prefer to have one ticket open per issue. Even though there where multiple files affected it is still one issue.

In the future when you are dropping stuff on the full disclosure lists why not email and give us a heads up.

Thanks

Actions #4

Updated by Scott Ullrich almost 14 years ago

  • Status changed from New to Feedback

Issues fixed in commits 98bcf1f8 6a937188 8625c24f 50b2f6ab

Actions #5

Updated by dave b almost 14 years ago

Scott Ullrich wrote:

We prefer to have one ticket open per issue. Even though there where multiple files affected it is still one issue.

In the future when you are dropping stuff on the full disclosure lists why not email and give us a heads up.

Thanks

I would have if it was more serious issue.
Trivial xss that take me almost no time to find can be found in "almost no time" by anyone else who cares.

Actions #6

Updated by Chris Buechler almost 14 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF