Milan Kyselica
a846b9a012
http: Escape error page text to prevent reflected XSS

The text parameter in ast_http_create_response() is inserted into
the HTML body without escaping, while the server name on the same
page is properly escaped via ast_xml_escape(). When res_phoneprov
passes the decoded request URI as the text of a 404 response, HTML
metacharacters in the URI are rendered by the browser.

Apply ast_xml_escape() to the text parameter before inserting it
into the HTML template, using the same function already used for
the server name.

Resolves: #GHSA-4pgv-j3mr-3rcp
2026-06-25 08:22:20 -06:00