This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

Reflected XSS vulnerability #119

Closed
xssssrf opened this issue Mar 15, 2018 · 2 comments

xssssrf commented Mar 15, 2018

<a href="<?php print IL_URL; ?>?id=<?php print $_GET['id']; ?>" style="display:block">

When $stablelinks == '1' in ilibrarian-default.ini, it could cause a reflective XSS.

POC:
http://localhost/Librarian/stable.php?id="/><script>confirm(document.domain)</script>

Owner

mkucej commented Mar 15, 2018

Thanks, we'll fix this.

@mkucej mkucej self-assigned this Mar 15, 2018
@mkucej mkucej added the bug label Mar 15, 2018
mkucej added a commit that referenced this issue Mar 21, 2018
Owner

mkucej commented Mar 22, 2018

Fixed in 4.9.

@mkucej mkucej closed this as completed Mar 22, 2018
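
An added example, not part of the thread and not the project's actual 4.9 fix: one way to emit the reported `<a href>` without reflecting raw input, by validating `id` and then encoding it for the URL and HTML-attribute contexts. The helper names, the `IL_URL` value and the assumption that record ids are positive integers are hypothetical.

```php
<?php
// Added example; not the project's code. IL_URL is a constructed value.
const IL_URL = 'http://localhost/Librarian/stable.php';

/**
 * Hypothetical helper: build the opening tag of the stable link.
 * Returns null when the id is not a plain positive integer.
 */
function stable_link_open_tag(string $baseUrl, $rawId): ?string
{
    // 1. Validate. Assumption: record ids are short decimal integers.
    //    is_string() also rejects array input such as ?id[]=1.
    if (!is_string($rawId) || !ctype_digit($rawId) || strlen($rawId) > 10) {
        return null;
    }
    // 2. Encode for the URL query context, then for the HTML attribute
    //    context, so the value stays inert even if validation is loosened.
    $url  = $baseUrl . '?id=' . rawurlencode($rawId);
    $attr = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $attr . '" style="display:block">';
}

// The pattern from the report, kept for comparison: unescaped reflection.
function stable_link_open_tag_unsafe(string $baseUrl, $rawId): string
{
    return '<a href="' . $baseUrl . '?id=' . $rawId . '" style="display:block">';
}

// Constructed sample inputs: a normal id and the value from the report.
$samples = ['42', '"/><script>confirm(document.domain)</script>'];
foreach ($samples as $id) {
    $safe = stable_link_open_tag(IL_URL, $id);
    echo "input:  $id\n";
    echo "unsafe: " . stable_link_open_tag_unsafe(IL_URL, $id) . "\n";
    echo "safe:   " . ($safe ?? '(rejected: id is not numeric)') . "\n\n";
}
```

With the reported value, the unsafe variant closes the `href` attribute and the tag early, while the validated variant returns null and emits nothing.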