- Related to CVE-2025-50976 - Fixes NAMESERVER & REMARK - TLS_HOSTNAME was already fixed in a previous patch
Signed-off-by: Adolf Belka <[email protected]> --- html/cgi-bin/dns.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index 883c7efb6..29a46d4b6 100644 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -775,9 +775,9 @@ sub show_add_edit_nameserver() { # Check if an ID has been given. if ($cgiparams{'ID'}) { # Assign cgiparams values. - $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0]; + $cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]); $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1]; - $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3]; + $cgiparams{'REMARK'} = $Header::escape($dns_servers{$cgiparams{'ID'}}[3]); } } else { &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'}); -- 2.51.0
