You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
To Reproduce
Steps to reproduce the behavior:
Go to the page with following parameter: http://[localhost]/Ushahidi_Web/reports?filterParams=%7B%22page%22%3Anull%2C%22from%22%3A%222021-09-01%22%2C%22to%22%3A%222021-09-01%22%7D%27);alert(%271
Boom!
Screenshots
Attack result
Where the Issue Occurred
The code below displays the user-controlled parameter filterParams without sufficient sanitization:
Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
To Reproduce
Steps to reproduce the behavior:
Screenshots
Where the Issue Occurred
The code below displays the user-controlled parameter
filterParamswithout sufficient sanitization:Ushahidi_Web/themes/default/views/reports/reports_js.php
Line 551 in 2b23c4a
The text was updated successfully, but these errors were encountered: