Commit 3c66c5b1 authored by Jo-Philipp Wich

luci-mod-status: fix potential XSS via specially crafted DNS names



When an upstream NS returns PTR domain names containing HTML, it is
added verbatim to the connection status table.

Prevent this issue by HTML escaping any values in the source and
destination columns.

Fixes: CVE-2021-32019
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
parent f99e4edc
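
The class of fix the commit message describes, as an added example that is not code from this commit or from LuCI: a connection-table row built with resolver-supplied PTR names, first concatenated verbatim and then with the source and destination columns HTML-escaped. All function names, the row layout and the sample data are assumptions constructed for illustration.

```javascript
// Added example; every name below is hypothetical, not LuCI's API.

// Characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build "host:port", using the PTR name when one was resolved, else the IP.
function formatEndpoint(ip, port, ptrNames) {
  const known = Object.prototype.hasOwnProperty.call(ptrNames, ip);
  const host = known ? ptrNames[ip] : ip;
  return port ? `${host}:${port}` : host;
}

// Before: text returned by the upstream resolver lands in the markup verbatim.
function renderRowUnescaped(conn, ptrNames) {
  return '<tr><td>' + formatEndpoint(conn.src, conn.sport, ptrNames) +
         '</td><td>' + formatEndpoint(conn.dst, conn.dport, ptrNames) + '</td></tr>';
}

// After: both columns are escaped, so a name is always rendered as text.
function renderRowEscaped(conn, ptrNames) {
  return '<tr><td>' + escapeHtml(formatEndpoint(conn.src, conn.sport, ptrNames)) +
         '</td><td>' + escapeHtml(formatEndpoint(conn.dst, conn.dport, ptrNames)) + '</td></tr>';
}

// Regression check: count tags in a row other than the <tr>/<td> we emit ourselves.
function countForeignTags(rowHtml) {
  return (rowHtml.match(/<(?!\/?(?:tr|td)>)[^>]*>/g) || []).length;
}

// Constructed sample: a PTR answer carrying harmless inline markup.
const samplePtrNames = { '203.0.113.7': 'mail<i>x</i>.example.net' };
const sampleConn = { src: '192.168.1.10', sport: 51234, dst: '203.0.113.7', dport: 443 };

console.log(renderRowUnescaped(sampleConn, samplePtrNames));
console.log(renderRowEscaped(sampleConn, samplePtrNames));
```
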