This repository has been archived by the owner on Mar 15, 2024. It is now read-only.

The cookie parameter in profile.php has an XSS vulnerability. #18

Closed
gtqbhksl opened this issue Oct 23, 2023 · 4 comments

Comments


gtqbhksl commented Oct 23, 2023

On the profile.php page, line 20 will output `echo $_SESSION['username'] . ' - Профиль';`. But `$_SESSION['username']` is obtained through `if (isset($_COOKIE['username_cookie'])) { $_SESSION['username'] = $_COOKIE['username_cookie']; }` in the cfg.php file. `$_COOKIE['username_cookie']` is something that users can manipulate and can cause XSS vulnerabilities.
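The pattern described in the report next to a hardened form, as an added example that is not the project's code. The session key and cookie name are taken from the report; the helpers `e` and `clean_username`, the allowed-character policy and the `guest` fallback are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for an HTML text or attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: accept only a conservative username alphabet (assumed policy).
function clean_username(?string $raw): ?string
{
    if ($raw === null || preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Constructed request state: the cookie value is fully client-controlled.
$cookie  = ['username_cookie' => '<script>alert(1)</script>'];
$session = [];

// Pattern from the report: cookie copied into the session, then echoed raw.
$session['username'] = $cookie['username_cookie'];
$vulnerable = $session['username'] . ' - Профиль';

// Hardened: validate on input (cfg.php side), escape on output (profile.php side).
$session['username'] = clean_username($cookie['username_cookie']) ?? 'guest';
$hardened = e($session['username']) . ' - Профиль';

// Escaping at the sink alone already renders the markup inert.
$escapedOnly = e($cookie['username_cookie']) . ' - Профиль';

echo "vulnerable:   $vulnerable\n";
echo "hardened:     $hardened\n";
echo "escaped only: $escapedOnly\n";
```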

@AlexanderLivanov
Owner

in progress, thanks 🤝

@jzySaber1996

CWE-ID: CWE-79
Assigned CVE-2023-5837

@AlexanderLivanov
Owner

I will cut this bug in the new version. Thanks for your support.

@AlexanderLivanov closed this as not planned Dec 21, 2023
@AlexanderLivanov
Owner

Hello everybody, I have just fixed this bug in the new version. Thanks for your support.
