luci-mod-status: fix potential XSS via specially crafted DNS names - openwrt/luci

diff options

author	Jo-Philipp Wich <jo@mein.io>	2021-05-12 11:49:31 +0200
committer	Jo-Philipp Wich <jo@mein.io>	2021-05-12 11:57:21 +0200
commit	3c66c5b1651aa25afbff09bee45047da9a0ba43d (patch)
tree	405e4675d61de7359375813f5942dd1e208dec64 /applications/luci-app-firewall/po/tr/firewall.po
parent	f99e4edcc986cd8443f8e7aaab067befd562e14a (diff)

luci-mod-status: fix potential XSS via specially crafted DNS names

When an upstream NS returns PTR domain names containing HTML, it is added verbatim to the connection status table. Prevent this issue by HTML escaping any values in the source and destination columns. Fixes: CVE-2021-32019 Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Diffstat (limited to 'applications/luci-app-firewall/po/tr/firewall.po')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: