asterisk/main
Milan Kyselica 98f50c235e http: Escape error page text to prevent reflected XSS
The text parameter in ast_http_create_response() is inserted into
the HTML body without escaping, while the server name on the same
page is properly escaped via ast_xml_escape(). When res_phoneprov
passes the decoded request URI as the text of a 404 response, HTML
metacharacters in the URI are rendered by the browser.

Apply ast_xml_escape() to the text parameter before inserting it
into the HTML template, using the same function already used for
the server name.

Resolves: #GHSA-4pgv-j3mr-3rcp
2026-06-25 08:21:35 -06:00