ARCANEDEV / LogViewer

:page_with_curl: Provides a log viewer for Laravel
MIT License

Version 4.7.1 Reflected XSS Vulnerability #443

Closed ogoktas14 closed 8 months ago

ogoktas14 commented 1 year ago

I discovered a reflected XSS vulnerability while testing the application.

Steps to reproduce it:

  1. Go to LogViewer
  2. Perform a search within a specific log entry like so:

GET /manager/logs/logs/2023-11-16/all/search?query="><img+src%3Dx+onerror%3Dalert%28document.cookie%29>

  3. XSS will run.
arcanedev-maroc commented 8 months ago

Couldn't reproduce this issue, the query was escaped and it didn't show the alert. Can you send a video demonstrating it?
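As an added illustration of the point the maintainer's reply turns on (this is not LogViewer's code): the search term from the report rendered straight into markup, beside the same term passed through `htmlspecialchars()`, which is what Laravel's Blade `{{ }}` syntax applies via its `e()` helper. The parameter name `query` comes from the issue URL; the two `render*` functions are hypothetical.

```php
<?php
// Added illustration, not the project's code. The search term below is the
// URL-decoded value of the query parameter from the issue report.
$query = '"><img src=x onerror=alert(document.cookie)>';

// Vulnerable pattern: user input concatenated into HTML with no encoding.
// This is the behaviour of Blade's unescaped {!! $query !!} syntax.
function renderUnescaped(string $query): string
{
    return '<input type="text" name="query" value="' . $query . '">';
}

// Hardened pattern: HTML-encode the value before it is placed in markup.
// ENT_QUOTES matters here: the payload starts with a double quote, so the
// attribute value must be encoded, not just < and >.
// This is what Blade's {{ $query }} does through the e() helper.
function renderEscaped(string $query): string
{
    $safe = htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="query" value="' . $safe . '">';
}

echo "Unescaped: ", renderUnescaped($query), PHP_EOL;
echo "Escaped:   ", renderEscaped($query), PHP_EOL;
```

Running this with the PHP CLI shows the difference: in the unescaped output the leading `"` closes the `value` attribute and the `<img>` tag becomes a real element, while in the escaped output the quote and angle brackets are emitted as HTML entities, so the browser displays the term as text and no handler runs. When auditing a reflected-input report like this one, the check is which of the two forms the template uses for the echoed parameter.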