luci/modules/luci-mod-status
Jo-Philipp Wich 3c66c5b165 luci-mod-status: fix potential XSS via specially crafted DNS names
When an upstream NS returns PTR domain names containing HTML, it is
added verbatim to the connection status table.

Prevent this issue by HTML escaping any values in the source and
destination columns.

Fixes: CVE-2021-32019
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-05-12 11:57:21 +02:00
htdocs/luci-static/resources luci-mod-status: fix potential XSS via specially crafted DNS names 2021-05-12 11:57:21 +02:00
luasrc/view/admin_status luci-mod-status: use LuCI.ui.instantiateView() to load index view 2020-04-03 13:27:20 +02:00
root/usr/share luci-mod-status: use the new ubus dsl metrics 2021-01-26 07:10:19 +01:00
src luci-mod-status: realtime graph - find suffixed libiwinfo.so 2021-01-09 19:02:30 +02:00
Makefile modules: Split luci-mod-full 2018-09-19 20:08:19 +02:00