Bug #16116
Updated by Jim Pingle about 2 months ago
The page at @services_wol_edit.php@ does not perform sufficient validation on the @interface@ value submitted by users when creating or editing a WoL entry. This value is sent back to the user without encoding in the WoL list on @services_wol.php@ and @services_wol_edit.php@, and on the dashboard widget @wake_on_lan.widget.php@, which is a potential XSS vector. Creating a new entry with the following data reproduces the problem condition:

<pre>
{
  "interface": "wan\"><script>alert('XSS')</script>",
  "mac": "aa:bb:cc:dd:ee:00",
  "descr": "XSS+Test",
  "save": "Save"
}
</pre>
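As an added example that is not pfSense's own code, the following PHP shows the two defenses the report implies: reject any @interface@ value that is not on an allow-list of known interfaces (@allowed_wol_interfaces()@ is a hypothetical stand-in for the firewall's real interface list), and HTML-encode the stored value wherever the list page or the dashboard widget renders it.

```php
<?php
// Added example, not pfSense code. Demonstrates allow-list validation of the
// submitted interface name plus output encoding at render time.

// Hypothetical stand-in for the firewall's configured-interface list.
function allowed_wol_interfaces(): array {
    return ['wan', 'lan', 'opt1'];
}

// Returns the interface name if it is a known interface, otherwise null.
// Strict comparison: only an exact allow-list entry passes, so any value
// carrying quotes or angle brackets is rejected before it is stored.
function validate_wol_interface(string $submitted): ?string {
    return in_array($submitted, allowed_wol_interfaces(), true) ? $submitted : null;
}

// Encode a stored value before placing it in an HTML attribute or text node.
// Applied on every render path (list page, edit page, widget) so the value is
// never interpreted as markup even if a bad value reaches the configuration.
function html_encode(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample submission mirroring the report's form fields.
$post = [
    'interface' => 'wan"><b>not-an-interface</b>',
    'mac'       => 'aa:bb:cc:dd:ee:00',
    'descr'     => 'XSS Test',
];

$errors = [];
$iface = validate_wol_interface($post['interface']);
if ($iface === null) {
    // Reject the request instead of saving the entry.
    $errors[] = 'A valid interface must be specified.';
    foreach ($errors as $e) {
        echo html_encode($e), PHP_EOL;
    }
} else {
    // Value is on the allow-list; still encode it when rendering the row.
    echo '<td>' . html_encode($iface) . '</td>' . PHP_EOL;
}
```

With the constructed input above the entry is rejected with the validation error; a plain value such as @wan@ is accepted and rendered as @<td>wan</td>@.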