
XSS Vulnerability

Open royblume opened this issue 1 year ago • 0 comments

A Cross-Site Scripting (XSS) vulnerability exists in s.php of the pkgdoc GitHub repository. The s parameter is improperly sanitized before being embedded in the HTML output. An attacker can exploit this vulnerability by tricking users into visiting a crafted URL containing malicious JavaScript, which will be executed in the victim’s browser. This can lead to unauthorized access to sensitive information, session hijacking, or content manipulation.

Example proof-of-concept: [DOMAIN]/s.php?s=

royblume • Dec 24 '24 21:12
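
One way to close the hole described in this issue, as an added example that is not pkgdoc's own code: the issue does not show s.php, so the page layout, the helper names and the treatment of s as a search term are assumptions. Every copy of the parameter is HTML-encoded at the point of output, and a Content-Security-Policy header is sent as a second layer.

```php
<?php
// Added example: the real s.php is not shown in the issue, so the helper
// names and the page layout below are hypothetical.
declare(strict_types=1);

// Encode a value for an HTML text node or a quoted attribute value.
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of making the whole result an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Read the "s" query parameter as a bounded string.
function read_s_param(array $query): string
{
    $raw = $query['s'] ?? '';
    if (!is_string($raw)) {          // ?s[]=... arrives as an array
        return '';
    }
    return substr($raw, 0, 200);     // length limit is an assumed policy
}

// Build the page; the parameter is encoded at every place it is written.
function render_page(array $query): string
{
    $term = read_s_param($query);
    return '<!doctype html><html><head><meta charset="utf-8">'
        . '<title>Search: ' . h($term) . '</title></head><body>'
        . '<form action="s.php" method="get">'
        . '<input type="text" name="s" value="' . h($term) . '"></form>'
        . '<p>Results for <strong>' . h($term) . '</strong></p>'
        . '</body></html>';
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=utf-8');
    // Assumes the page needs no inline scripts; adjust to the real page.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    header('X-Content-Type-Options: nosniff');
    echo render_page($_GET);
} else {
    // Constructed sample input: markup characters must come out inert.
    $html = render_page(['s' => '"><b>pkg</b>']);
    if (strpos($html, '<b>pkg</b>') !== false) {
        fwrite(STDERR, "unencoded markup reached the output\n");
        exit(1);
    }
    echo $html, PHP_EOL;
}
```

Run from the command line, the script renders the constructed input and exits non-zero if any of it reaches the output unencoded, which makes it usable as a regression check once adapted to the real template.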