You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The echo directly outputs the parameter $_POST['drop_cols'] without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with $_POST['drop_cols']
To fix this vulnerability, we recommend that developers implement properly sanitize (e.g., htmlspecialchars()) for user input before displaying it on the webpage.
The text was updated successfully, but these errors were encountered:
GatekeeperBuster
changed the title
Cross-Site Scripting (XSS) vulnerabilities
[security vulnerability] Cross-Site Scripting (XSS) vulnerabilities
Aug 4, 2023
Recently, our team found a reflected cross-site scripting (XSS) vulnerability
The vulnerability logic is present in the file:
https://github.com/mariuz/firebirdwebadmin/blob/master/panels/tb_dropfields.php#L27
The
echo
directly outputs the parameter$_POST['drop_cols']
without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with$_POST['drop_cols']
To fix this vulnerability, we recommend that developers implement properly sanitize (e.g.,
htmlspecialchars()
) for user input before displaying it on the webpage.The text was updated successfully, but these errors were encountered: