Topic: xss and lack of csrf protection. (Read 2531 times)
« on: December 01, 2010, 08:45:27 »
db *
Posts: 1

I don't know if this is fixed in the monowall repository but it was in pfsense.
This xss still works against monowall (in the current release).

http://10.0.20.12/graph.php?ifnum=re/%3E%3Cscript%3Ealert%281%29;%3C/script%3Exxxx0&ifname=LAN
Also, monowall has no csrf protection.
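
An added example, not part of the original post and not m0n0wall's own code: it decodes the `ifnum` value from the URL reported above and renders it once unencoded and once after validation and output encoding. The `render_*` handlers, the `chart.svg` target, the attribute context and the interface-name pattern are assumptions made for illustration.

```php
<?php
// Added illustration only. This is NOT graph.php from m0n0wall or pfSense.

// Request URL exactly as given in the report (alert(1) proof of concept).
const REPORTED_URL = 'http://10.0.20.12/graph.php?ifnum=re/%3E%3Cscript%3Ealert%281%29;%3C/script%3Exxxx0&ifname=LAN';

// Decode the query string the same way PHP fills $_GET.
function query_params(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

// Assumed vulnerable pattern: the request value is copied into an attribute
// unencoded, so a quote or "/>" in the value ends the tag and the rest of the
// value is parsed as new markup. "chart.svg" is a hypothetical target.
function render_unsafe(array $get): string
{
    return '<embed src="chart.svg?ifnum=' . $get['ifnum'] . '"/>';
}

// Hardened pattern: validate the shape first, then encode for each context
// (URL component, then HTML attribute).
function render_safe(array $get): ?string
{
    $ifnum = $get['ifnum'] ?? '';
    // Assumed format: a BSD-style interface name such as re0 or em1.
    // is_string() also rejects array input such as ifnum[]=x.
    if (!is_string($ifnum) || !preg_match('/\A[a-z]{1,8}[0-9]{1,3}\z/', $ifnum)) {
        return null; // caller should answer 400 instead of rendering
    }
    $src = 'chart.svg?ifnum=' . rawurlencode($ifnum);
    return '<embed src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '"/>';
}

$get = query_params(REPORTED_URL);
echo "decoded ifnum: ", $get['ifnum'], "\n";
echo "unsafe markup: ", render_unsafe($get), "\n";
echo "safe, reported value: ", var_export(render_safe($get), true), "\n";
echo "safe, ifnum=re0: ", render_safe(['ifnum' => 're0']), "\n";
```

Run with the PHP CLI; the unsafe line shows the script element sitting outside the attribute, while the hardened handler rejects the reported value and renders only well-formed interface names.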

« Reply #1 on: December 01, 2010, 09:22:55 »
Manuel Kasper
Administrator
*****
Posts: 364

The XSS vulnerabilities are fixed in the repository; will be in the next release.