You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
** PRODUCT NOT SUPPORTED WHEN ASSIGNED **
Codiad v2.8.4 has a reflective cross-site vulnerability.
Details
Codiad v2.8.4 has a reflection cross-site attack vulnerability, the vulnerability is due to/components/market/dialog.php.
The reference "type" parameter is displayed directly in the front-end code without escaping. https://github.com/Codiad/Codiad/blob/b2ef139219d2f931465f11306e651d3832262227/components/market/dialog.php#L103-L122
According to the picture, we know that in this code, the program references the value of the "type" parameter to the button label of the front-end code many times, but the "type" parameter is not filtered, so we can close the button label with double quotes and insert malicious code.
Summary
** PRODUCT NOT SUPPORTED WHEN ASSIGNED **
Codiad v2.8.4 has a reflective cross-site vulnerability.
Details
Codiad v2.8.4 has a reflection cross-site attack vulnerability, the vulnerability is due to/components/market/dialog.php.

The reference "type" parameter is displayed directly in the front-end code without escaping.
https://github.com/Codiad/Codiad/blob/b2ef139219d2f931465f11306e651d3832262227/components/market/dialog.php#L103-L122
According to the picture, we know that in this code, the program references the value of the "type" parameter to the button label of the front-end code many times, but the "type" parameter is not filtered, so we can close the button label with double quotes and insert malicious code.
Proof of Concept (POC)
http://ip:port/components/market/dialog.php?action=list¬e=undefined&type=%22%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E

Impact
If a user or administrator accesses the malicious url, the cookie may be obtained by an attacker.
The text was updated successfully, but these errors were encountered: