osclass manager - XSS

2019.03.31
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Software homepage: https://osclass.org/

> Go to the website home page and change the language. If the request is sent as a GET parameter, e.g. example.com/?locale=language_country, the site is vulnerable. Use the payload:
/?locale=fr_FR%20src=--"><script>alert('Salvatrucha')</script>

> For developers: if you are using osclass, check the index.php that handles the language. osclass does not HTML-encode the locale value before reflecting it, so whatever is passed in the parameter is echoed into the page unchanged.

> Vulnerable code:
$language = $_GET['locale'];

> Fix it by encoding the value with htmlspecialchars() before it is output:
$language = htmlspecialchars($_GET['locale']);
Note that before PHP 8.1 the default flags of htmlspecialchars() do not encode single quotes, so pass ENT_QUOTES when the value lands inside a single-quoted attribute. Better still, accept only locale values that match one of the locales installed on the site and fall back to the default otherwise: a locale code never legitimately contains HTML characters, so validation removes the attack surface rather than just encoding it.

> Examples of vulnerable websites: toiledz.com
> Check here for vulnerable sites: https://trends.builtwith.com/websitelist/OS-Class
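The following is an added example, not osclass code, showing the pattern the advisory describes: a locale parameter reflected verbatim into an attribute, the htmlspecialchars() fix with ENT_QUOTES, and a whitelist check against the installed locales. The list of installed locales, the function names and the hidden-input markup are assumptions made for the illustration.

```php
<?php
// Added example (not osclass code). Assumed: the site stores its installed
// locales in a simple array and reflects the chosen locale into a form field.
$installed_locales = ['en_US', 'fr_FR', 'es_ES'];

// Vulnerable: the request value is concatenated into an attribute unchanged,
// so a value containing  "><script>  closes the attribute and injects markup.
function render_locale_vulnerable(array $get): string
{
    $language = $get['locale'] ?? 'en_US';
    return '<input type="hidden" name="locale" value="' . $language . '">';
}

// Fix 1: output encoding. ENT_QUOTES also encodes the single quote, which the
// pre-8.1 default flags leave alone; ENT_SUBSTITUTE avoids an empty string on
// invalid UTF-8 (which would silently hide the problem instead of fixing it).
function render_locale_encoded(array $get): string
{
    $language = htmlspecialchars(
        $get['locale'] ?? 'en_US',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<input type="hidden" name="locale" value="' . $language . '">';
}

// Fix 2 (preferred, in addition to encoding): only accept a value that looks
// like a locale code and is actually installed; otherwise use the default.
function resolve_locale(array $get, array $installed, string $default = 'en_US'): string
{
    $candidate = $get['locale'] ?? $default;
    if (!is_string($candidate) || !preg_match('/^[a-z]{2}_[A-Z]{2}$/', $candidate)) {
        return $default;
    }
    return in_array($candidate, $installed, true) ? $candidate : $default;
}

// Constructed request mirroring the advisory's payload (already URL-decoded,
// as PHP presents it in $_GET).
$request = ['locale' => 'fr_FR src=--"><script>alert(\'Salvatrucha\')</script>'];

echo render_locale_vulnerable($request), PHP_EOL;              // <script> reaches the page
echo render_locale_encoded($request), PHP_EOL;                 // &lt;script&gt; ... inert text
echo resolve_locale($request, $installed_locales), PHP_EOL;    // en_US
```

Run it with `php example.php`; the first line shows the script tag surviving into the markup, the second shows it neutralised by encoding, and the third shows the whitelist rejecting the value outright.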

References:

Salvatrucha


Copyright 2022, cxsecurity.com
