[FREEPBX-20436] XSS vulnerability in manager module - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 14
Fix Version/s: None
Component/s: FreePBX Distro
Labels:
None

ToDo:

Distro Version:
SNG7-PBX-64bit-1904-2
Distro:
FreePBX Distro

Description

html\admin\modules\manager\views\form.php
https://github.com/FreePBX/manager/blob/release/13.0/views/form.php

Unsanitized $_REQUEST['managerdisplay'] reflected in HTML leads to XSS (as you can see in screenshot attached tested on latest FreePBX ISO)

http://XXXX/admin/config.php?type=tool&display=manager&managerdisplay=cxpanel%22%3E%3Cscript%3Ealert(1)%3C/script%3E&view=form

if (isset($_REQUEST['managerdisplay'])){
  $managerdisplay = $_REQUEST['managerdisplay'];
  $subhead = '<h2>'._("Manager").' '.$managerdisplay.'</h2>';
  $delURL = '?display=manager&managerdisplay='.$managerdisplay.'&action=delete';

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

2019-07-09_11h42_06.png
73 kB
15/Aug/19 7:15 AM

Activity

People

Assignee:

Franck Danard [X] (Inactive)

Reporter:

respect

Votes:

0 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Created:

15/Aug/19 7:17 AM

Updated:

22/Oct/19 6:08 AM

Resolved:

03/Sep/19 4:17 PM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.