TVRemotePlus [security vulnerability] Cross-Site Scripting (XSS) vulnerabilities

[security vulnerability] Cross-Site Scripting (XSS) vulnerabilities

Open GatekeeperBuster opened this issue 1 year ago • 0 comments

Recently, our team found a reflected cross-site scripting (XSS) vulnerability The vulnerability logic is present in the file: https://github.com/tsukumijima/TVRemotePlus/blob/master/htdocs/settings.php#L1290 The echo directly outputs the parameter $_POST['state'] without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with $_POST['state']

To fix this vulnerability, we recommend that developers implement properly sanitize (e.g., htmlspecialchars()) for user input before displaying it on the webpage.

Aug 04 '23 09:08 GatekeeperBuster

TVRemotePlus TVRemotePlus copied to clipboard

[security vulnerability] Cross-Site Scripting (XSS) vulnerabilities

TVRemotePlus
TVRemotePlus copied to clipboard