Fix h1 report 99004

Reflected XSS
-------------

The HackerOne user @decidedlygray has reported that the affiliate-preview.php
script in www/admin is vulnerable to a reflected XSS attack via the "charset"
parameter. If the target system is running a Revive Adserver version older
than 3.2.2, such a vulnerability could be used by an attacker to steal the
session ID of an authenticated user, by tricking them into visiting a
specifically crafted URL.

A CVE-ID has been requested, but not assigned yet.

CWE: CWE-79
CVSSv2: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
mbeccati committed Nov 20, 2015
1 parent 3aaebcc commit a323fd626627e8d42819fd5b7e2829196b5c54a3
@@ -233,7 +233,7 @@ function selectElement() {
break;
case 'charset':
$optionName = $GLOBALS['strCharset'];
$optionValue = empty($mi->$feature) ? $GLOBALS['strAutoDetect'] : $mi->$feature;
$optionValue = empty($mi->$feature) ? $GLOBALS['strAutoDetect'] : htmlspecialchars($mi->$feature);
break;
default:
$optionName = $feature;
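
Review bot: In the 'charset' case, htmlspecialchars($mi->$feature) is called with no flags or encoding argument, so on PHP versions before 8.1 it defaults to ENT_COMPAT and leaves single quotes unescaped; if $optionValue is ever written into a single-quoted attribute, the value can still break out of it. Suggest htmlspecialchars($mi->$feature, ENT_QUOTES, 'UTF-8') here. The default branch also assigns $optionName = $feature with no escaping, and the other cases of this switch are not visible in the hunk, so it is worth confirming whether they carry request-derived values and, if they do, escaping once at the point where $optionName and $optionValue are emitted rather than case by case.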
