Reflected XSS Vulnerability

Open JayJayJay1 opened this issue 6 years ago • 0 comments

Hello, your code is prone to reflected XSS attacks, since some user input is not escaped. For example: https://github.com/area17/subfolio/blob/fcd7e59b670e5f3896d5fac5ff1f487b23feb57a/config/themes/default/pages/login.php#L13

You can escape user input before reflecting it on your website. For example, please consider using htmlentities($_POST['username']).

JayJayJay1 Jul 15 '19 21:07
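The escaping suggested in the issue, as an added example that is not part of the original report or of subfolio's code. The form markup, the helper `e()` and the two render functions are assumptions for illustration, since the contents of `login.php` are not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of subfolio): escape a value for HTML text
// or a quoted attribute. ENT_QUOTES is passed explicitly because before
// PHP 8.1 the default flags (ENT_COMPAT) left single quotes unescaped.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed shape of the reflected field: the submitted username is written
// back into the login form without escaping.
function render_username_field_unsafe(array $post): string
{
    $username = $post['username'] ?? '';
    return "<input type='text' name='username' value='" . $username . "'>";
}

// Hardened form: reject non-string input (e.g. username[]=x arrives as an
// array) and escape at the point of output.
function render_username_field_safe(array $post): string
{
    $raw = $post['username'] ?? '';
    $username = is_string($raw) ? $raw : '';
    return "<input type='text' name='username' value='" . e($username) . "'>";
}

// Constructed sample input: harmless text that tries to close the
// single-quoted attribute and add an attribute of its own.
$post = ['username' => "guest' data-injected='1"];

echo render_username_field_unsafe($post), PHP_EOL; // attribute boundary broken
echo render_username_field_safe($post), PHP_EOL;   // quote emitted as an entity

// With ENT_COMPAT the single quote passes through unchanged, so the
// single-quoted attribute above would still be escapable.
$compat = htmlentities($post['username'], ENT_COMPAT, 'UTF-8');
var_dump(strpos($compat, "'") !== false);          // quote survives ENT_COMPAT
var_dump(strpos(e($post['username']), "'") === false);
```

Escaping belongs at output time and must match the context: this helper covers HTML text and quoted attributes, not values written into JavaScript, CSS or URLs.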