From 7cb63527d96c4610171feb580c9fcd27c3af26b6 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 6 Sep 2022 13:58:22 +0200
Subject: [PATCH] mail.cgi: Validate email recipient

The email recipient was not correctly validated which allowed for some stored cross-site scripting vulnerability.
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka
Signed-off-by: Michael Tremer
---
 html/cgi-bin/mail.cgi | 4 ++++
 langs/de/cgi-bin/de.pl | 1 +
 langs/en/cgi-bin/en.pl | 1 +
 3 files changed, 6 insertions(+)

diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi
index 4ebc6b0336..34f52ae015 100644
--- a/html/cgi-bin/mail.cgi
+++ b/html/cgi-bin/mail.cgi
@@ -283,6 +283,10 @@ sub checkmailsettings {
 $errormessage .= "$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}
"; 
 }
 }
+ # Check for a valid recipient
+ if (!&General::validemail($cgiparams{'txt_recipient'})) {
+ $errormessage .= $Lang::tr{'email recipient invalid'} . "
"; 
+ }

 return $errormessage;
 }
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index d3b4c86878..0dbc907187 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -963,6 +963,7 @@
 'email mailrcpt' => 'E-Mail-Empfänger',
 'email mailsender' => 'E-Mail-Absender',
 'email mailuser' => 'Benutzername',
+'email recipient invalid' => 'Ungültiger Emailempfänger',
 'email server can not be empty' => 'E-Mail-Server darf nicht leer sein',
 'email settings' => 'Mailversand',
 'email subject' => 'IPFire Test-E-Mail',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 36f97de382..7de75ad3cf 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1004,6 +1004,7 @@
 'email mailrcpt' => 'Mail Recipient',
 'email mailsender' => 'Mail Sender',
 'email mailuser' => 'Username',
+'email recipient invalid' => 'Invalid email recipient',
 'email server can not be empty' => 'E-mail server can not be empty',
 'email settings' => 'Mail Service',
 'email subject' => 'IPFire Test Mail',
-- 
2.39.5
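Review bot: The new recipient check is unconditional, whereas the sender check just above it sits inside a nested condition (two closing braces precede the added lines); if `txt_recipient` can legitimately be absent or empty, `&General::validemail` on an undef or empty value would flag every save of the page, so confirm that a recipient is meant to be mandatory here and, if not, give the new block the same guard the sender check has. Input validation in `checkmailsettings` closes the reported store path, but the stored recipient is presumably rendered back into the settings form elsewhere in mail.cgi; HTML-escaping it at that output point (for example with `HTML::Entities::encode_entities`) would remove the cross-site scripting class regardless of how the value reached the settings file and is worth adding as defence in depth. The `&General::validemail(...)` call form with an explicit argument list is behaviourally fine, but the leading `&` is a legacy call style and should only stay if the rest of the file uses it consistently. The body of `checkmailsettings` begins before this hunk.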