PacketFence
Bug Tracking System

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001454PacketFencesecuritypublic2012-05-28 21:392012-06-14 12:16
Reporterobilodeau 
Assigned Toobilodeau 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version3.0.0 
Target Version3.4.0Fixed in Version3.4.0 
Summary0001454: Reflected XSS in guest management
DescriptionTo reproduce browse to: https://webadmin:1443/guests/manage?columns="%3E%3Cscript%3Ealert%28%27XSS%20and%20thank%20you%20for%20your%20admin%20cookies%3A%20%27%20%2b%20document.cookie%29%3B%3C%2fscript%3E [^]
TagsNo tags attached.
fixed in git revision3ae90433f6308b45b0990dc8aaa3a860617cf42a
fixed in mtn revision
Attached Files

- Relationships

-  Notes
(0002735)
obilodeau (reporter)
2012-05-28 21:49

This naive fix seems to have effects on the javascript or something because the tab doesn't load by default anymore.. Experienced on firefox.

diff --git a/html/captive-portal/templates/guest/register_guest.html b/html/captive-portal/templates/guest/register_guest.html

index 0f57f9d..4e85847 100644
--- a/html/captive-portal/templates/guest/register_guest.html
+++ b/html/captive-portal/templates/guest/register_guest.html
@@ -136,7 +136,7 @@ var initialTabName = "single";
             </div>
             <div class="input">
               <span>[% i18n("Columns Order") %]*</span>
-              <input type="hidden" name="columns"id="columns_order" 
value="[% IF columns %][% columns %][% ELSE %]c_username,c_password[% END %]">
+              <input type="hidden" name="columns" id="columns_order" 
value="[% IF columns %][% columns | html %][% ELSE %]c_username,c_password[% END %]">
               <div class="note" id="columns">
                 <div class="column"><input type="checkbox" name="c_username" 
checked disabled><span>[% i18n("Username") %]</span><span class="order"><img 
src="/content/images/arrow_up_12x12.png"><
                 <div class="column"><input type="checkbox" name="c_password" 
checked disabled><span>[% i18n("Password") %]</span><span class="order"><img 
src="/content/images/arrow_up_12x12.png"><

(0002774)
obilodeau (reporter)
2012-06-14 12:16

fix released in 3.4.0 yesterday
(0002781)
obilodeau (reporter)
2012-06-14 12:16

security problem now public

- Issue History
Date Modified Username Field Change
2012-05-28 21:39 obilodeau New Issue
2012-05-28 21:49 obilodeau Note Added: 0002735
2012-05-29 09:37 obilodeau git revision => 3ae90433f6308b45b0990dc8aaa3a860617cf42a
2012-05-29 09:37 obilodeau Status new => resolved
2012-05-29 09:37 obilodeau Fixed in Version => +1
2012-05-29 09:37 obilodeau Resolution open => fixed
2012-05-29 09:37 obilodeau Assigned To => obilodeau
2012-06-14 12:15 obilodeau Target Version => 3.4.0
2012-06-14 12:15 obilodeau Fixed in Version +1 => 3.4.0
2012-06-14 12:16 obilodeau Note Added: 0002774
2012-06-14 12:16 obilodeau Status resolved => closed
2012-06-14 12:16 obilodeau Note Added: 0002781
2012-06-14 12:16 obilodeau View Status private => public


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker