mvc: checkAndThrowValueInUse validate input token which may only contain alphanum and dashes
PR: GHSA-98h6-479q-9q3w
(cherry picked from commit d7054cef69f72588feac1091254960835be19dfe)

network time: fix stored XSS in GPS init string display
Squelch a PHP warning and change the way the default init
command string is used.
PR: GHSA-h793-67jm-j4m5
(cherry picked from commit ed04a154dc40967541be1388e9134e451be4199e)

openvpn: escape client common_name in connection-status views (stored XSS)
The OpenVPN connection-status widget and the connection-status page render
the client common_name into an HTML attribute (data-common-name /
data-common_name) without escaping the double quote, so a common_name
containing a quote breaks out of the attribute. With username-as-common-name
plus a RADIUS/LDAP backend the common_name is an attacker-chosen value.
Escape the quote before placing it in the attribute.
PR: GHSA-26cj-h9rj-g5pf
(cherry picked from commit e7b2ac8093f804bef8eb88dfa9a0d99fad00c12b)

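The attribute breakout the commit message above describes, shown as an added example (this is not OPNsense's own widget code; the row markup and the `render_row_*` function names are assumed for illustration). The first function interpolates the common_name raw, the second escapes it with `htmlspecialchars` and `ENT_QUOTES` so a double quote in the value becomes `&quot;` and can no longer terminate the `data-common-name` attribute:

```php
<?php
// Added example, not part of the OPNsense code base.
// Constructed sample value: a common_name carrying a double quote, the kind of
// value a RADIUS/LDAP backend could hand to username-as-common-name.
$common_name = 'alice" data-injected="1';

// Vulnerable pattern: the value is placed into a double-quoted attribute
// unchanged, so the embedded quote closes the attribute early.
function render_row_unescaped(string $cn): string
{
    return '<tr data-common-name="' . $cn . '"><td>' . $cn . '</td></tr>';
}

// Hardened pattern: ENT_QUOTES escapes both " and ', ENT_HTML5 selects the
// HTML5 entity table, and the explicit charset avoids encoding surprises.
function render_row_escaped(string $cn): string
{
    $safe = htmlspecialchars($cn, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<tr data-common-name="' . $safe . '"><td>' . $safe . '</td></tr>';
}

// Quick self-check: the escaped markup must contain exactly two raw double
// quotes (the ones delimiting the attribute) and no raw quote from the value.
function attribute_is_intact(string $html): bool
{
    return substr_count($html, '"') === 2;
}

echo render_row_unescaped($common_name), PHP_EOL; // attribute ends after alice
echo render_row_escaped($common_name), PHP_EOL;   // alice&quot; data-injected=&quot;1
var_dump(attribute_is_intact(render_row_unescaped($common_name))); // bool(false)
var_dump(attribute_is_intact(render_row_escaped($common_name)));   // bool(true)
```

Escaping has to happen at the point the value enters the attribute, not on the way into the database: the same common_name is also legitimate as a plain string in logs and API responses, and only the HTML attribute context needs the quote neutralised.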
src: configuration line injection via multiple GUI text fields
PR: GHSA-fq94-cxvc-9r7w
Co-authored-by: Franco Fichtner <franco at opnsense.org>
(cherry picked from commit 6c3be9a11699879fe50aea1c30e50de5864601d7)