New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Bug] XSS in pop_chart.php #162

Closed

0xdc9 opened this issue Oct 16, 2022 · 0 comments

Labels

bug

0xdc9 commented Oct 16, 2022 •

edited

Loading

Describe the bug
A Cross site scripting due to unfiltered $_GET['filter']

To Reproduce
Steps to reproduce the behavior:

Log in as Admin
Go to http://localhost/admin/modules/reporting/pop_chart.php?filter=2022%20%27<script>alert(%270xdc9%27);</script>
There should be a pop that says '0xdc9'

Screenshots

Versions

OS: Kali Linux(Debian) 2021
Browser: Firefox 78.7.0.esr(64-bit)
Slims Version: slims9_bulian-9.4.2

Vulnerable code

pop_chart.php line 43-70

The text was updated successfully, but these errors were encountered:

0xdc9 added the bug label

drajathasan added a commit that referenced this issue


          Fix issue #162

07d6193

0xdc9 closed this as completed

hasanbasri1993 pushed a commit to hasanbasri1993/slims9_bulian that referenced this issue


          Fix issue slims#162

fd2f78a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment