webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a8dc9235f12d3922aa201bf4229e36eec21362af
bpfire/html
History
Vincent Li a8dc9235f1 dns.cgi: Fixes bug 13892 XSS potential 
commit f34349dd754c6cdb29058b603028a7155ebfa830
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Oct 2 13:10:14 2025 +0200

    dns.cgi: Fix for XSS potential

    - Related to CVE-2025-50976
    - Fixes NAMESERVER & REMARK
    - TLS_HOSTNAME was already fixed in a previous patch

    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit db042629c0cae5b78eeddb8a9db8783c557138b0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Sep 25 17:29:35 2025 +0200

    dns.cgi: Validate the TLS hostname irregardless of TLS being used

    That way, we won't have to perform escaping later on and can rely on
    having a valid value.

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 98616a36c00b7fc845995c5cc4d8e301e58a20a7
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 25 13:12:50 2025 +0200

    dns.cgi: Fixes bug 13892

    Fixes: bug 13892 - dns.cgi TLS_HOSTNAME Stored Cross-Site Scripting
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-10-03 18:23:26 +00:00
..
cgi-bin
dns.cgi: Fixes bug 13892 XSS potential
2025-10-03 18:23:26 +00:00
html
wireguard.cgi: add css color style for VPN peer status
2025-07-07 21:10:23 +00:00