XSS vulnerability in display.php #138

everping · 2019-04-17T12:19:38Z

Summary

The parameter project is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack.

http://domain.tld/display.php?browse[]=all&project=1">test</a><script>alert(123)</script>&select=desk&_=1555500329996

The flaw exists since $project was assigned to a GET parameter without sanitizing

Line 15 in 07a2668

$project = $_GET['project'];

then, $project was printed without escaping

Line 326 in 07a2668

    
           print '<a href="rss.php?project=' . $project . '" target="_blank" id="rss-link">&nbsp;<i class="fa fa-rss"></i> Project RSS</a>';

The text was updated successfully, but these errors were encountered:

mkucej · 2019-04-17T12:29:09Z

Thank you. This will be fixed in the next version.

everping · 2019-04-17T12:30:06Z

@mkucej Can you assign this flaw a CVE?

mkucej self-assigned this Apr 17, 2019

mkucej added the bug label Apr 17, 2019