
XSS vulnerability in display.php

Open everping opened this issue 6 years ago • 2 comments

Summary

The parameter project is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack.

PoC

http://domain.tld/display.php?browse[]=all&project=1">test</a><script>alert(123)</script>&select=desk&_=1555500329996

Details

The flaw exists since $project was assigned to a GET parameter without sanitizing

https://github.com/mkucej/i-librarian/blob/07a2668ae012ff0d3fbede934fa526cd7d1c7c41/display.php#L15

then, $project was printed without escaping https://github.com/mkucej/i-librarian/blob/07a2668ae012ff0d3fbede934fa526cd7d1c7c41/display.php#L326

everping, Apr 17 '19 12:04
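The two steps described in the Details above (request value taken without validation, then printed without escaping), shown beside a hardened form. This is an added example, not i-librarian's code: the function names, the link markup and the assumption that project is a positive integer ID are illustrative and are not taken from display.php.

```php
<?php
// Added illustration; not code from display.php. All names are hypothetical.

// Pattern the issue describes: the GET value flows straight into HTML.
function render_project_link_unsafe(array $get): string
{
    $project = $get['project'] ?? '';
    // A double quote in $project closes the attribute and the rest is parsed as markup.
    return '<a href="display.php?project=' . $project . '">Project</a>';
}

// Encode for the HTML context at the point of output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: validate on input, encode on output.
function render_project_link_safe(array $get): string
{
    // Assumption: project is a positive integer ID, so anything else is rejected.
    $project = filter_var(
        $get['project'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($project === false) {
        return '';
    }
    // URL-encode the query value, then HTML-encode the whole attribute value.
    $href = 'display.php?' . http_build_query(['project' => $project]);
    return '<a href="' . e($href) . '">Project</a>';
}

// Constructed sample inputs; the second value is the one from the PoC above.
$samples = [
    ['project' => '1'],
    ['project' => '1">test</a><script>alert(123)</script>'],
];

foreach ($samples as $get) {
    echo 'input:    ', $get['project'], PHP_EOL;
    echo 'unsafe:   ', render_project_link_unsafe($get), PHP_EOL;
    echo 'safe:     ', render_project_link_safe($get), PHP_EOL;
    // If the value had to be shown as free text, escaping alone keeps it inert.
    echo 'escaped:  ', e($get['project']), PHP_EOL, PHP_EOL;
}
```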

Thank you. This will be fixed in the next version.

mkucej, Apr 17 '19 12:04

@mkucej Can you assign this flaw a CVE?

everping, Apr 17 '19 12:04