Version 4.7.1 Reflected XSS Vulnerability
ogoktas14 opened this issue · 1 comment
ogoktas14 commented
- LogViewer Version: 4.7.1
- Laravel Version: #.#.#
- PHP Version: #.#.#
I discovered a reflected XSS vulnerability while testing the application.
Steps to reproduce it:
- Go to LogViewer
- Perform a search within a specific log entry like so:
  ```
  GET /manager/logs/logs/2023-11-16/all/search?query="><img+src%3Dx+onerror%3Dalert%28document.cookie%29>
  ```
- XSS will run.
arcanedev-maroc commented
Couldn't reproduce this issue; the query was escaped and it didn't show the alert.
Can you send a video demonstrating it?