From: Adolf Belka Date: Thu, 2 Oct 2025 11:10:14 +0000 (+0200) Subject: dns.cgi: Fix for XSS potential X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8726b465430f59a18e3704c47d886662ca59ad22;p=ipfire-2.x.git dns.cgi: Fix for XSS potential - Related to CVE-2025-50976 - Fixes NAMESERVER & REMARK - TLS_HOSTNAME was already fixed in a previous patch Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer
---
diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index 883c7efb6..29a46d4b6 100644
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -775,9 +775,9 @@ sub show_add_edit_nameserver() {
 # Check if an ID has been given.
 if ($cgiparams{'ID'}) {
 # Assign cgiparams values.
- $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
+ $cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]);
 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
- $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
+ $cgiparams{'REMARK'} = $Header::escape($dns_servers{$cgiparams{'ID'}}[3]);
 }
 } else {
 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});