dharmeshbaskaran/CVE-2020-19204

## CVE-2020-19204
CVE-2020-19204
=======================================================================
* Authenicated Stored XSS in routing.cgi
* Affected Product: Affects: IPFire 2.21 (x86_64) - Core Update 130
* Vendor: IPFire
* Vulnerability Class: Stored Cross-Site Scripting
* Status: Fixed
* Author: Dharmesh Baskaran
=======================================================================

=== SUMMARY ===

An authenticated Stored XSS (Cross-site Scripting) exists in the "routing.cgi" Routing Table Entries via the "Remark" text box  or "remark" parameter. It allows an authenticated WebGUI user with privileges for the affected page to execute Stored Cross-site Scripting in the Routing Table Entries.

=== TECHNICAL DESCRIPTION ===

An authenticated Stored XSS (Cross-site Scripting) exists in the (https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries via the "Remark" text box  or "remark" parameter. This is due to a lack of user input validation in "Remark" text box  or "remark" parameter. It allows an authenticated WebGUI user with privileges for the affected page to execute Stored Cross-site Scripting in the Routing Table Entries (/cgi-bin/routing.cgi). The Stored XSS get prompted on the victims page whenever victim tries to access the Routing Table Entries configuraiton page.

=== REMEDIATION ===

# Escape input in REMARK field
$settings{'REMARK'} = &Header::escape($settings{'REMARK'});

=== DISCLOSURE TIMELINE ===

2019-05-09: Vulnerability disclosed to IPFire Team
2019-05-09: Acknowlegement from IPFire Team
2019-05-09: Fixed: https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=88e64c23c16a8f84d256c3d3fb97f46cf383a644

=======================================================================
	CVE-2020-19204
	=======================================================================
	* Authenicated Stored XSS in routing.cgi
	* Affected Product: Affects: IPFire 2.21 (x86_64) - Core Update 130
	* Vendor: IPFire
	* Vulnerability Class: Stored Cross-Site Scripting
	* Status: Fixed
	* Author: Dharmesh Baskaran
	=======================================================================

	=== SUMMARY ===

	An authenticated Stored XSS (Cross-site Scripting) exists in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user with privileges for the affected page to execute Stored Cross-site Scripting in the Routing Table Entries.

	=== TECHNICAL DESCRIPTION ===

	An authenticated Stored XSS (Cross-site Scripting) exists in the (https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries via the "Remark" text box or "remark" parameter. This is due to a lack of user input validation in "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user with privileges for the affected page to execute Stored Cross-site Scripting in the Routing Table Entries (/cgi-bin/routing.cgi). The Stored XSS get prompted on the victims page whenever victim tries to access the Routing Table Entries configuraiton page.

	=== REMEDIATION ===

	# Escape input in REMARK field
	$settings{'REMARK'} = &Header::escape($settings{'REMARK'});

	=== DISCLOSURE TIMELINE ===

	2019-05-09: Vulnerability disclosed to IPFire Team
	2019-05-09: Acknowlegement from IPFire Team
	2019-05-09: Fixed: https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=88e64c23c16a8f84d256c3d3fb97f46cf383a644

	=======================================================================