Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5

Valid

Reported on

Feb 12th 2022


Description

https://github.com/gnuboard/gnuboard5/blob/v5.4.22/mobile/shop/lg/mispwapurl.php#L7 has no filtering for the variable.

So, Attackers can trigger Reflected XSS via $_GET['LGD_OID']

Proof of Concept

/mobile/shop/lg/mispwapurl.php?LGD_OID=%3Cscript%3Ealert(1)%3C/script%3E

Impact

Attacker can execute arbitrary JS code execution.

We are processing your report and will contact the gnuboard/gnuboard5 team within 24 hours. 2 years ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 2 years ago
We have contacted a member of the gnuboard/gnuboard5 team and are waiting to hear back 2 years ago
We have sent a follow up to the gnuboard/gnuboard5 team. We will try again in 4 days. 2 years ago
We have sent a second follow up to the gnuboard/gnuboard5 team. We will try again in 7 days. 2 years ago
We have sent a third follow up to the gnuboard/gnuboard5 team. We will try again in 14 days. 2 years ago
gnuboard validated this vulnerability 2 years ago
sqrtrev has been awarded the disclosure bounty
The fix bounty is now up for grabs
gnuboard marked this as fixed in 5.5.4 with commit 30a248 2 years ago
The fix bounty has been dropped
to join this conversation