Cross-site Scripting (XSS) - Stored in projectsend/projectsend
Jul 2nd 2021
The section parameter at Line 331 of email-templates.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.
In this case the data is sent at
Proof of Concept
Data enters the application through an untrusted source.
$section = ( !empty( $_GET['section'] ) ) ? $_GET['section'] : $_POST['section'];
The data is included in dynamic content that is sent to a web user without being validated.
<input type="hidden" name="section" value="<?php echo $section; ?>">
Providing the following payload results in XSS:
section="><script>alert(1)</script>
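One way to close this sink, shown as an added example that is not ProjectSend's own code or its actual fix: validate section against an allowlist and HTML-escape it when writing the attribute. The function names, the allowlist values and the default section are hypothetical.

```php
<?php
// Added example, not ProjectSend's code. The section names below are
// hypothetical placeholders for whatever template sections the page supports.
const ALLOWED_SECTIONS = ['header_footer', 'new_client', 'new_user'];

/** Pick the section from request data; fall back to a default if it is not allowlisted. */
function resolve_section(array $get, array $post, string $default = 'header_footer'): string
{
    // Same GET-then-POST precedence as the vulnerable line, without the undefined-index read.
    $raw = !empty($get['section']) ? $get['section'] : ($post['section'] ?? '');

    // Array input (section[]=x) and unknown names are rejected rather than echoed back.
    if (!is_string($raw) || !in_array($raw, ALLOWED_SECTIONS, true)) {
        return $default;
    }
    return $raw;
}

/** Render the hidden field with the value escaped for a double-quoted HTML attribute. */
function render_section_field(string $section): string
{
    $safe = htmlspecialchars($section, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="section" value="' . $safe . '">';
}

// Constructed sample input: the payload value from the report.
$payload = '"><script>alert(1)</script>';

// Escaping alone keeps the payload inside the attribute value as inert text.
echo render_section_field($payload), PHP_EOL;

// Allowlisting replaces the payload with the default before it reaches the template.
echo render_section_field(resolve_section(['section' => $payload], [])), PHP_EOL;

// A legitimate value passes through unchanged.
echo render_section_field(resolve_section([], ['section' => 'new_client'])), PHP_EOL;
```

Escaping at the output point is the control that matters for this sink; the allowlist is defence in depth and also keeps unexpected section names out of any later logic that branches on them.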