You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The vulnerability stems from the lack of filtering or encoding of the $id parameter, allowing an attacker to inject arbitrary HTML and JavaScript code into a link.php page.
The POC demonstrates that by inserting a specially crafted a tag into the URL, an attacker can cause an alert box to appear showing the document's cookies when the link is clicked, evidencing the execution of JavaScript.
Summary
A reflected XSS vulnerability was discovered in lylme_spage v1.9.5 on the
admin/link.php
.Details
lylme_spage/admin/link.php
Lines 71 to 77 in b7c430a
The vulnerability stems from the lack of filtering or encoding of the $id parameter, allowing an attacker to inject arbitrary HTML and JavaScript code into a link.php page.
The POC demonstrates that by inserting a specially crafted a tag into the URL, an attacker can cause an alert box to appear showing the document's cookies when the link is clicked, evidencing the execution of JavaScript.
POC
The text was updated successfully, but these errors were encountered: