
Reflected XSS Vulnerability #13

Description

@JayJayJay1

Hello,
your code is prone to reflected XSS attacks, since some user input is not escaped. For example:

```php
<input type="text" value="<?php if(isset($_POST['username'])) { echo $_POST['username']; } ?>" id="username" name="username" class="field" tabindex="1" placeholder="<?php echo SubfolioLanguage::get_text('username');?>" data-behavior="search_field" />
```

You can escape user input before reflecting it on your website.
For example, please consider using htmlentities($_POST['username']).
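
The field from the report rendered through an attribute-escaping helper, as an added example that is not part of the original issue or the project's code. `esc_attr()` and `render_username_field()` are hypothetical names and the sample input is constructed; the helper uses `htmlspecialchars()` with explicit `ENT_QUOTES` rather than the suggested `htmlentities()` with default flags, because the defaults did not escape single quotes before PHP 8.1.

```php
<?php
// Added example, not Subfolio code. esc_attr() and render_username_field() are
// hypothetical helper names; the field attributes are copied from the issue.

/** Escape a value for use inside a quoted HTML attribute. */
function esc_attr($value): string
{
    // Reject arrays (e.g. username[]=x) instead of letting them reach echo.
    if (!is_string($value)) {
        return '';
    }
    // ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD rather than returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the username <input> with every dynamic value escaped. */
function render_username_field(array $post, string $placeholder): string
{
    $username = $post['username'] ?? '';
    return sprintf(
        '<input type="text" value="%s" id="username" name="username" class="field"'
        . ' tabindex="1" placeholder="%s" data-behavior="search_field" />',
        esc_attr($username),
        esc_attr($placeholder)
    );
}

// Constructed sample input: a value containing the characters that would
// otherwise close the value="" attribute and the <input> tag.
$samplePost = ['username' => '"><b>test</b>'];

$unescaped = '<input type="text" value="' . $samplePost['username'] . '" />';
$escaped   = render_username_field($samplePost, 'Username');

echo "Unescaped (as in the issue):\n$unescaped\n\n";
echo "Escaped:\n$escaped\n";

// The escaped markup must contain no raw quote or angle bracket from the input.
assert(strpos($escaped, '"><b>') === false);
assert(strpos($escaped, 'value="&quot;&gt;&lt;b&gt;test&lt;/b&gt;"') !== false);
```

In the template itself the call would take `$_POST` and the `SubfolioLanguage::get_text('username')` value in place of the constructed inputs.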
