I would like to report an XSS vulnerability in /includes/prefs.inc.php
If the value of $_POST['key'] is set to some malicious JavaScript, e.g. "<script>alert(document.cookie)</script>", then it will execute this. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
I couldn't find anywhere else to contact you so this seemed the right way.
I advise you to use htmlspecialchars() with ENT_QUOTES to filter the user input. Since it looks like this file shouldn't be accessed by users at all, it might be worth protecting the file with a .htaccess file.
Kind Regards,
Jordy Zomer
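The escaping advice from the report, sketched as an added example (not code from the project or from the reporter). The page does not show the contents of prefs.inc.php, so the markup and the names `h`, `render_unsafe` and `render_safe` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical stand-in for a script that echoes a POSTed
// 'key' back into HTML. Not the project's actual code.

/** Escape a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    // ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: request data concatenated into markup unescaped. */
function render_unsafe(array $post): string
{
    $key = $post['key'] ?? '';
    return '<p>Preference: ' . $key . '</p>';
}

/** Hardened pattern: same markup, value escaped at output time. */
function render_safe(array $post): string
{
    $key = $post['key'] ?? '';
    if (!is_string($key)) {   // key[]=... arrives as an array; treat as empty
        $key = '';
    }
    return '<p>Preference: ' . h($key) . '</p>';
}

// Constructed inputs: the string quoted in the report, and a benign value
// that contains both kinds of quote.
$samples = [
    ['key' => '<script>alert(document.cookie)</script>'],
    ['key' => "it's a \"test\""],
];

foreach ($samples as $post) {
    echo 'unsafe: ', render_unsafe($post), PHP_EOL;
    echo 'safe:   ', render_safe($post), PHP_EOL;
    // ENT_COMPAT (the default flag before PHP 8.1) leaves ' untouched, so a
    // value placed in a single-quoted attribute could still end the attribute.
    // That is the reason to pass ENT_QUOTES explicitly.
    echo 'compat: ', htmlspecialchars($post['key'], ENT_COMPAT, 'UTF-8'), PHP_EOL;
}
```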