Hey to everyone who wants to use this project, and to the creator (great project)
I spotted some XSS on the Data Result, not a big vuln because it's pretty rare to have that type of username, but it should be fixed. It happens when the database contains some code that can be executed.
Vulnerability Preview
How to fix?
Simply use htmlspecialchars() or htmlentities() on the result variable $value like below.
This fix is the simplest, I also suggest to block any special characters in the search field.
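The output-encoding fix suggested in the issue, as an added example that is not the reporter's or the project's own code. Only `$value` comes from the issue; the `e()`, `render_unsafe()` and `render_safe()` helpers, the table markup and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for database results (not project data).
$rows = [
    ['username' => 'alice', 'email' => 'alice@example.com'],
    ['username' => '<script>alert(1)</script>', 'email' => 'bob@example.com'],
];

// Hypothetical helper: encode a value for HTML text and quoted-attribute contexts.
function e($value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the call return an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: stored content is concatenated into the page unchanged, so markup
// held in a database field is parsed by the browser as part of the document.
function render_unsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        foreach ($row as $key => $value) {
            $html .= '<td title="' . $key . '">' . $value . '</td>';
        }
    }
    return $html;
}

// After: every key and $value is encoded at the point of output, so the same
// stored string is displayed as text (&lt;script&gt;...) and never executed.
function render_safe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $key => $value) {
            $html .= '<td title="' . e($key) . '">' . e($value) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

echo render_safe($rows);
```

Encoding at output covers data that reached the database by any path, not only through the search field.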