]> git.ipfire.org Git - ipfire-2.x.git/commit
projects / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8726b46) | patch
firewall.cgi: Fixes XSS potential
authorAdolf Belka <adolf.belka@ipfire.org>
Thu, 2 Oct 2025 11:10:15 +0000 (13:10 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 2 Oct 2025 16:56:18 +0000 (16:56 +0000)
commit6d107e8683fb816f0f63fd6022b30a277ea9d191
treedc708f6eb29647b6ef08b047927d5dd4296bd225tree | snapshot
parent8726b465430f59a18e3704c47d886662ca59ad22commit | diff
firewall.cgi: Fixes XSS potential

- Related to CVE-2025-50975
- Fixes PROT
- ruleremark was already escaped when firewall.cgi was initially merged back in Core
   Update 77.
- SRC_PORT, TGT_PORT, dnaport, src_addr & tgt_addr are already validated in the code as
   ports or port ranges.
- std_net_tgt is a string defined in the code and not a variable
- The variable key ignores any input that is not a digit and subsequently uses the next
   free rulenumber digit

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/firewall.cgi diff | blob | blame | history
IPFire 2.x development tree