[security vulnerability] Cross-Site Scripting (XSS) vulnerabilities
GatekeeperBuster opened this issue · 0 comments
GatekeeperBuster commented
Recently, our team found a reflected cross-site scripting (XSS) vulnerability
The vulnerability logic is present in the file:
https://github.com/domOrielton/minimal-web-notepad/blob/master/view.php#L27
The print
directly outputs the parameter $_GET['note']
without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with $_GET['note']
To fix this vulnerability, we recommend that developers implement properly sanitize (e.g., htmlspecialchars()
) for user input before displaying it on the webpage.