Summary
The parameter project is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack.

PoC
http://domain.tld/display.php?browse[]=all&project=1">test</a><script>alert(123)</script>&select=desk&_=1555500329996

Details
The flaw exists since $project was assigned to a GET parameter without sanitizing:
i-librarian/display.php, Line 15 in 07a2668

then, $project was printed without escaping:
i-librarian/display.php, Line 326 in 07a2668
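
The pattern the report describes (a GET value assigned without sanitizing, then printed without escaping) next to two hardened forms. This is an added example, not I-Librarian's code: the function names, the hidden-input markup, and the assumption that project is a numeric ID (suggested by project=1 in the PoC) are illustrative.

```php
<?php
// Added illustration, not I-Librarian source. Function names and the
// hidden-input markup are hypothetical.

// The reported pattern: the GET value is copied as-is and echoed into an
// HTML attribute, so a double quote in the value ends the attribute.
function render_vulnerable(array $get): string
{
    $project = $get['project'] ?? '';
    return '<input type="hidden" name="project" value="' . $project . '">';
}

// Output escaping only: suitable when the parameter is free text.
function render_escaped(array $get): string
{
    $raw = $get['project'] ?? '';
    $raw = is_string($raw) ? $raw : '';   // project[]=... arrives as an array
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="project" value="' . $safe . '">';
}

// Input validation plus output escaping. Assumption: project is a
// positive integer ID, so anything else is rejected before rendering.
function render_validated(array $get): string
{
    $project = filter_var($get['project'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($project === false) {
        return '<p>Invalid project.</p>';
    }
    $safe = htmlspecialchars((string) $project, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="project" value="' . $safe . '">';
}

// The project value from the PoC URL in this report, plus a normal request.
$poc    = ['project' => '1">test</a><script>alert(123)</script>'];
$normal = ['project' => '1'];

foreach (['render_vulnerable', 'render_escaped', 'render_validated'] as $fn) {
    echo $fn, ' (PoC):    ', $fn($poc), "\n";
    echo $fn, ' (normal): ', $fn($normal), "\n";
}
```

Run with the PHP CLI and compare the three outputs for the PoC value: only the first leaves the quote and angle brackets intact inside the attribute.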
Thank you. This will be fixed in the next version.
@mkucej Can you assign this flaw a CVE?