BPI/luci
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
luci/modules/luci-mod-status/htdocs/luci-static/resources
History
Jo-Philipp Wich e2abb45b0e luci-mod-status: fix potential XSS via specially crafted DNS names 
When an upstream NS returns PTR domain names containing HTML, it is
added verbatim to the connection status table.

Prevent this issue by HTML escaping any values in the source and
destination columns.

Fixes: CVE-2021-32019
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 3c66c5b1651aa25afbff09bee45047da9a0ba43d)
2021-05-12 12:03:00 +02:00
..
svg
Merge pull request #4598 from Ansuel/wifi_chan
2021-01-07 19:02:57 +02:00
view/status
luci-mod-status: fix potential XSS via specially crafted DNS names
2021-05-12 12:03:00 +02:00