luci/modules/luci-mod-status/htdocs/luci-static/resources/view/status
Jo-Philipp Wich 3c66c5b165 luci-mod-status: fix potential XSS via specially crafted DNS names
When an upstream NS returns PTR domain names containing HTML, it is
added verbatim to the connection status table.

Prevent this issue by HTML escaping any values in the source and
destination columns.

Fixes: CVE-2021-32019
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-05-12 11:57:21 +02:00
include luci-mod-status: use the new ubus dsl metrics 2021-01-26 07:10:19 +01:00
bandwidth.js treewide: transition div tables to actual table markup 2020-11-27 21:36:40 +01:00
channel_analysis.js luci-mod-status: check if center_chan1 is defined 2021-05-05 16:01:01 +02:00
connections.js luci-mod-status: fix potential XSS via specially crafted DNS names 2021-05-12 11:57:21 +02:00
dmesg.js treewide: import utility classes explicitly 2020-04-03 10:00:06 +02:00
index.js luci-mod-status: index.js: skip includes which failed loading 2020-04-18 23:25:22 +02:00
iptables.js luci-mod-status: iptables: always make tab pane visible 2021-05-07 19:16:34 +02:00
load.js treewide: transition div tables to actual table markup 2020-11-27 21:36:40 +01:00
processes.js treewide: transition div tables to actual table markup 2020-11-27 21:36:40 +01:00
routes.js treewide: removed trailing whitespaces and extra newlines in 'modules' 2021-01-20 17:48:16 +02:00
syslog.js Merge pull request #3769 from dibdot/logread-fix 2020-04-08 09:19:09 +02:00
wireless.js luci-mod-status,luci-app-statistics: Fix case for 'Bit/s' to 'bit/s' 2021-01-19 23:11:33 +02:00