summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-firewall/po
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2021-05-12 11:49:31 +0200
committerJo-Philipp Wich <jo@mein.io>2021-05-12 11:57:21 +0200
commit3c66c5b1651aa25afbff09bee45047da9a0ba43d (patch)
tree405e4675d61de7359375813f5942dd1e208dec64 /applications/luci-app-firewall/po
parentf99e4edcc986cd8443f8e7aaab067befd562e14a (diff)
luci-mod-status: fix potential XSS via specially crafted DNS names
When an upstream NS returns PTR domain names containing HTML, it is added verbatim to the connection status table. Prevent this issue by HTML escaping any values in the source and destination columns. Fixes: CVE-2021-32019 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-firewall/po')
0 files changed, 0 insertions, 0 deletions