Describe the bug/issue
The parameter data[performredirect] on the login page is vulnerable to XSS attacks.
This issue was found in the latest Docker package by jgeusebroek (jgeusebroek/docker-spotweb) and seems to involve the latest Spotweb 1.5.1 as random Spotweb servers on the internet are also vulnerable.
To Reproduce
Steps to reproduce the behavior:
Go to this URL: http://[ip]:[port]/?data[performredirect]=%22%3E%3Cscript%3Ealert(0)%3C/script%3E&page=login
Xitro01 changed the title from "XSS on login page" to "XSS on login page and other Apache security issues" on Nov 12, 2021
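An added example, not Spotweb's code and not part of the original report: a payload that begins with `">` suggests the value is echoed inside a double-quoted HTML attribute. The PHP below assumes that context (the function names and hidden-field markup are hypothetical) and shows the unescaped rendering beside the `htmlspecialchars` form, using the query string from the report.

```php
<?php
declare(strict_types=1);

// Added example, not Spotweb code. Function names and the hidden-field
// markup are hypothetical; the attribute context is an assumption.

// Return data[performredirect] from a parsed query array, or '' when absent.
function readRedirectParam(array $query): string
{
    $data = $query['data'] ?? null;
    $value = is_array($data) ? ($data['performredirect'] ?? '') : '';
    // data[performredirect][]=x arrives as an array; treat it as empty.
    return is_string($value) ? $value : '';
}

// "Before": raw concatenation, so a leading "> closes the attribute and tag.
function renderRedirectFieldUnsafe(string $redirect): string
{
    return '<input type="hidden" name="data[performredirect]" value="'
        . $redirect . '">';
}

// "After": encode &, <, >, " and ' for the HTML attribute context.
function renderRedirectField(string $redirect): string
{
    $safe = htmlspecialchars($redirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="data[performredirect]" value="'
        . $safe . '">';
}

// Query string from the report, parsed the way PHP fills $_GET.
parse_str(
    'data[performredirect]=%22%3E%3Cscript%3Ealert(0)%3C/script%3E&page=login',
    $query
);
$redirect = readRedirectParam($query);

echo "unsafe: ", renderRedirectFieldUnsafe($redirect), PHP_EOL;
echo "safe:   ", renderRedirectField($redirect), PHP_EOL;
```

The same encoding has to be applied at every place the parameter is written into HTML; a value written into a URL or a script block needs the encoding for that context instead.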