You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The print directly outputs the parameter $_GET['note'] without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with $_GET['note']
To fix this vulnerability, we recommend that developers implement properly sanitize (e.g., htmlspecialchars()) for user input before displaying it on the webpage.
The text was updated successfully, but these errors were encountered:
Recently, our team found a reflected cross-site scripting (XSS) vulnerability
The vulnerability logic is present in the file:
https://github.com/domOrielton/minimal-web-notepad/blob/master/index.php#L81
The
print
directly outputs the parameter$_GET['note']
without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with$_GET['note']
To fix this vulnerability, we recommend that developers implement properly sanitize (e.g.,
htmlspecialchars()
) for user input before displaying it on the webpage.The text was updated successfully, but these errors were encountered: