Server specification: Apache 2.4.29, with AcceptPathInfo turned on in apache2.conf
Description:
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
Steps To Reproduce:
1. Go to http://[localhost]/faveo-helpdesk/vendor/dompdf/dompdf/www/index.php
2. Log in
3. Go to the page with the following link: http://[localhost]/faveo-helpdesk/vendor/dompdf/dompdf/www/demo.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
4. Boom!
Where the Issue Occurred
The code below displays the user-controlled input PHP_SELF in demo.php without sufficient sanitization:
faveo-helpdesk/vendor/dompdf/dompdf/www/demo.php
Line 35 in 4752081
Note
Although the dompdf page is accessible from localhost, it can be attacked if the localhost user clicks on the aforementioned link.
Downloaded from
[*] master-branch
[*] release-tag: v1.11.0
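Added example, not part of the original report and not the dompdf or Faveo source: a sketch of why PHP_SELF is attacker-influenced when AcceptPathInfo is on, with the unescaped output beside two corrected forms. The function names, the constructed $server array, and the form-attribute output context are assumptions made for illustration.

```php
<?php
// Added example: constructed code, not taken from demo.php.

// Rebuilds the $_SERVER values Apache/PHP produce when AcceptPathInfo is on:
// the path after the script name is URL-decoded and appended to PHP_SELF,
// while SCRIPT_NAME remains the script path only.
function constructed_server(string $script, string $rawPathInfo): array
{
    $pathInfo = rawurldecode($rawPathInfo);
    return [
        'SCRIPT_NAME' => $script,
        'PATH_INFO'   => $pathInfo,
        'PHP_SELF'    => $script . $pathInfo,
    ];
}

// Pattern described in the report: PHP_SELF written to the page unescaped
// (assumed here to be inside an HTML attribute).
function form_vulnerable(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Fix 1: HTML-escape the value at the point of output.
function form_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Fix 2: use SCRIPT_NAME, which carries no PATH_INFO, and still escape it.
function form_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Request path from the report's "Steps To Reproduce".
$server = constructed_server(
    '/faveo-helpdesk/vendor/dompdf/dompdf/www/demo.php',
    '/%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
);

foreach (['form_vulnerable', 'form_escaped', 'form_script_name'] as $render) {
    $html = $render($server);
    // Raw "<script" in the output means the browser would parse injected markup.
    $status = (stripos($html, '<script') !== false) ? 'INJECTED' : 'safe';
    echo str_pad($render, 18) . $status . '  ' . $html . PHP_EOL;
}
```

Only the first renderer emits a raw script tag; the escaped variant turns the quote and angle brackets into entities, and the SCRIPT_NAME variant never sees the trailing path.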