Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser.
To Reproduce
Steps to reproduce the behavior:
Go to the following link: http://[server]/sync/dropbox/download?challenge=%3Cscript%3Ealert(1)%3C/script%3E
Boom!
Where did the vulnerability occur?
The code below displays the user-controlled parameter challenge in application/controllers/dropbox.php with incorrect sanitization:
JustWriting/application/controllers/dropbox.php
Line 36 in 49731e0
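The pattern described in this report, shown next to a hardened form, as an added example that is not code from JustWriting or from the original report. The function names and the allow-list of characters accepted for `challenge` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the project's controller code.

// Vulnerable pattern: the query parameter goes into the response body as-is,
// so markup supplied in the URL is parsed by the browser as part of the page.
function challenge_body_unsafe(array $query): string
{
    return (string) ($query['challenge'] ?? '');
}

// Hardened pattern: accept only the characters a token is expected to contain
// (assumed here: letters, digits, '_' and '-'), then escape for HTML output
// so the value is inert even if the allow-list is later loosened.
function challenge_body_safe(array $query): string
{
    $challenge = $query['challenge'] ?? '';
    if (!is_string($challenge)
        || !preg_match('/\A[A-Za-z0-9_-]{1,128}\z/', $challenge)) {
        return '';
    }
    return htmlspecialchars($challenge, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Response wrapper: declare the body as plain text and forbid MIME sniffing,
// so the browser does not treat an echoed value as HTML in the first place.
function send_challenge(array $query): void
{
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo challenge_body_safe($query);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: the payload from the report and a benign token.
    $samples = [
        ['challenge' => '<script>alert(1)</script>'],
        ['challenge' => 'abc123_token-XYZ'],
        ['challenge' => ['nested' => 'array']], // challenge[]=... style input
    ];
    foreach ($samples as $query) {
        $unsafe = is_string($query['challenge'])
            ? challenge_body_unsafe($query) : '(non-string input)';
        printf("unsafe: %s\nsafe:   %s\n\n", $unsafe, challenge_body_safe($query));
    }
} else {
    send_challenge($_GET);
}
```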