Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@purecarnage (https://huntr.dev/users/purecarnage) has fixed a potential XSS vulnerability in your repository 馃敤. For more information, visit our website (https://huntr.dev/) or click the bounty URL below...
Q | A
Version Affected | *
Bug Fix | YES
Original Pull Request | 418sec#1
If you are happy with this disclosure, we would love to get a CVE assigned to the vulnerability. Feel free to credit @purecarnage, the discloser found in the bounty URL (below) and @huntr-helper.
User Comments:
馃搳 Metadata
Bounty URL: https://www.huntr.dev/bounties/1-other-tinyfilemanager/
鈿欙笍 Description
An XSS vulnearbility was reported in huntr.dev at the link given above.
This was fixed by using
fm_enc()
function to encode html characters.馃捇 Technical Description
The issue was caused at three locations (sinks). The fix was simple, wrap the output string with
fm_enc()
馃悰 Proof of Concept (PoC)
"><img src=x onerror=alert(222)>.png
.Here's a GIF by the reporter: https://drive.google.com/file/d/1t2afWVrLu_mb_S69n6d4SbLHOziuEeuZ/view?usp=sharing
馃敟 Proof of Fix (PoF)
I've replayed the same payload, it will not pop an alert box as before.