This repository has been archived by the owner on Oct 17, 2021. It is now read-only.

[Security] XSS in _contactform.inc.php #35

Open
seongil-wi opened this issue Sep 9, 2021 · 0 comments

Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload for it to be properly exploited against a victim.

To Reproduce
Steps to reproduce the behavior:

  1. Go to the page with the following parameter: http://[localhost]/Detector/web/templates/_contactform.inc.php?cid=%3C/textarea%3E%3Cscript%3Ealert(1);%3C/script%3E
  2. Boom!

Screenshots

  • Attack result
    Capture

Where the Issue Occurred
The code below displays the user-controlled parameter cid without sufficient sanitization:

I may have found a problem with the browser related to the user agent hash "<?=$_REQUEST['cid']?>." My notes are below:
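
A hardened form of the output line quoted above, as an added example that is not part of the original issue or of the Detector code base. The helper names, the `message` field name and the assumed hash format (32 to 64 hex characters) are illustrative assumptions; the code needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example, not Detector's code. Helper names, the textarea name and
// the hash format below are assumptions made for illustration.

/** Escape a value for HTML text content, including the body of a <textarea>. */
function h(string $value): string
{
    // ENT_QUOTES also covers quoted attribute contexts; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allow-list check. Assumed format: the user agent hash is 32 to 64 hex characters. */
function valid_cid(mixed $cid): ?string
{
    // Arrays (cid[]=x) and other non-strings are rejected rather than cast.
    if (!is_string($cid) || preg_match('/\A[0-9a-f]{32,64}\z/i', $cid) !== 1) {
        return null;
    }
    return $cid;
}

/** Build the pre-filled contact message with cid validated and then escaped. */
function render_contact_message(mixed $rawCid): string
{
    $cid = valid_cid($rawCid) ?? 'unknown';
    return '<textarea name="message">'
        . 'I may have found a problem with the browser related to the user agent hash "'
        . h($cid) . '." My notes are below:'
        . '</textarea>';
}

// Constructed inputs: the payload from the report above and a well-formed hash.
$samples = [
    '</textarea><script>alert(1);</script>',
    'd41d8cd98f00b204e9800998ecf8427e',
];
foreach ($samples as $sample) {
    // Validation plus escaping: the payload is replaced by "unknown".
    echo render_contact_message($sample), PHP_EOL;
    // Escaping alone: markup characters become entities and stay inert text.
    echo h($sample), PHP_EOL;
}
```

Escaping at the point of output is what closes the `</textarea>` breakout; the allow-list is defence in depth and only applies if the real hash format is fixed.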
