]> git.ipfire.org Git - ipfire-2.x.git/commit
projects / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f34349d) | patch
firewall.cgi: Fixes XSS potential
authorAdolf Belka <adolf.belka@ipfire.org>
Thu, 2 Oct 2025 11:10:15 +0000 (13:10 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 2 Oct 2025 16:33:43 +0000 (16:33 +0000)
commit21539d63dfcb15f186309b3107f63d455e4008ea
treeb3d4058dcf8a1d6d8edf58dd2651e59a44089087tree | snapshot
parentf34349dd754c6cdb29058b603028a7155ebfa830commit | diff
firewall.cgi: Fixes XSS potential

- Related to CVE-2025-50975
- Fixes PROT
- ruleremark was already escaped when firewall.cgi was initially merged back in Core
   Update 77.
- SRC_PORT, TGT_PORT, dnaport, src_addr & tgt_addr are already validated in the code as
   ports or port ranges.
- std_net_tgt is a string defined in the code and not a variable
- The variable key ignores any input that is not a digit and subsequently uses the next
   free rulenumber digit

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/firewall.cgi diff | blob | blame | history
IPFire 2.x development tree