Cross-site Scripting (XSS) - Reflected in slackero/phpwcms


Reported on

Aug 21st 2021

✍️ Description

Reflected xss

🕵️‍♂️ Proof of Concept

     'HTTP-REFERER: '.(echoempty($ref) ? 'unknown' : $ref);

💥 Impact

xss bug

We have contacted a member of the slackero/phpwcms team and are waiting to hear back 2 years ago
Oliver Georgi validated this vulnerability 2 years ago
rohit75033 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Oliver Georgi marked this as fixed with commit 6876be 2 years ago
Oliver Georgi has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation