Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules/luci-mod-status/htdocs/luci-static/resources
History
Jo-Philipp Wich 3c66c5b165 luci-mod-status: fix potential XSS via specially crafted DNS names 
When an upstream NS returns PTR domain names containing HTML, it is
added verbatim to the connection status table.

Prevent this issue by HTML escaping any values in the source and
destination columns.

Fixes: CVE-2021-32019
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-05-12 11:57:21 +02:00
..
svg Merge pull request #4598 from Ansuel/wifi_chan 2021-01-07 19:02:57 +02:00
view/status luci-mod-status: fix potential XSS via specially crafted DNS names 2021-05-12 11:57:21 +02:00