I found that at line 50 of backend/common/system/info.php, Receive parameters without any filtering at $_SERVER['HTTP_USER_AGENT'].
This is an official demo site http://demo2.rageframe.com/backend [login:demo/123456], I use it directly to verify this vulnerability. Request info.php via route backend/common/system/info,Capture packets through burpsuit and modify user agent. The payload is as follows:
Reflective Cross Site Scripting at info.php
$_SERVER['HTTP_USER_AGENT'].The text was updated successfully, but these errors were encountered: