Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible XSS vulnerability #21

Closed
enferas opened this issue Nov 15, 2021 · 2 comments
Closed

Possible XSS vulnerability #21

enferas opened this issue Nov 15, 2021 · 2 comments

Comments

@enferas
Copy link

enferas commented Nov 15, 2021

Hello,

I would like to report for XSS vulnerability.

In file example.php

\\ line 38
$query = $_GET['query'];
\\ line 64
$resout = str_replace('{query}', $query, $resout);
\\ line 111
$resout = str_replace('{result}', $winfo, $resout);
\\ line 117
exit(str_replace('{results}', $resout, $out));

exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is XSS vulnerability.

@enferas
Copy link
Author

enferas commented Dec 2, 2021

CVE-2021-43698 is assigned to this discovery.

An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is a XSS vulnerability.

@sparc
Copy link
Owner

sparc commented Feb 22, 2022

thanx ! fixed !

@sparc sparc closed this as completed Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants