NXTS-Developers / MOFHY-Lite

MOFHY Lite is a free web hosting management system to manage MOFH hosting accounts and SSL certificates.
https://getmofhy.eu.org
MIT License

XSS: Do not echo unencoded GET values #99

Closed greenreader9 closed 1 month ago

greenreader9 commented 2 years ago

Describe the bug The application echoes unencoded GET values

Expected behavior The application does not echo unencoded GET values

Screenshots Example: [screenshot from 2022-03-18, not reproduced here]

Additional context The following pages have the error:

- src/admin/template/AccountSettings.php:5
- src/template/ViewAccount.php:4
- src/template/AccountSettings.php:6
- src/template/ViewSSL.php:4
- src/template/cPLogin.php:5
- src/template/ViewKnowledgebase.php:4
- src/template/ViewTicket.php:117
- src/admin/template/ViewAccount.php:4
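The pattern the issue describes, shown as an added example rather than code taken from MOFHY Lite: a template that concatenates a query-string value straight into HTML, next to the same template with the value encoded at the point of output. The parameter name `user`, the `e()` helper and the attack payload are constructed for illustration and do not come from the project.

```php
<?php
// Added example (not MOFHY Lite's own code): unencoded echo of a GET value
// beside its hardened form. Parameter name, helper name and payload are assumed.
declare(strict_types=1);

// Encode a value for insertion into HTML text or a quoted HTML attribute.
// ENT_QUOTES covers both ' and " so the value is also safe inside single-quoted
// attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable: the raw query-string value becomes part of the page markup,
// so a crafted link controls the HTML the victim's browser parses.
function renderVulnerable(array $get): string
{
    return '<h1>Account: ' . ($get['user'] ?? '') . '</h1>';
}

// Hardened: the value is encoded where it is written into the HTML.
// The same rule applies to $_POST, cookies and database values.
function renderSafe(array $get): string
{
    return '<h1>Account: ' . e($get['user'] ?? '') . '</h1>';
}

// Constructed attack input, standing in for a link such as
// ViewAccount.php?user=%22%3E%3Cscript%3E...  (URL-decoded below).
$get = ['user' => '"><script>alert(document.cookie)</script>'];

// The first line contains a live <script> element; in the second the angle
// brackets and quotes are entity-encoded and the browser shows them as text.
echo renderVulnerable($get), PHP_EOL;
echo renderSafe($get), PHP_EOL;
```

Run it with `php example.php` to compare the two outputs. Two caveats for applying this to the files listed above: `htmlspecialchars` is correct only for HTML text and attribute contexts; a value placed inside a `<script>` block, an inline event handler or a URL needs the encoding for that context instead. And encoding must happen at every output point, so a quick audit is to grep the templates for `$_GET[` and confirm each hit is wrapped before it reaches `echo` or string concatenation.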

mahtab2003 commented 2 years ago

I don't understand what the problem is.

greenreader9 commented 2 years ago

XSS Vulnerability

https://stackoverflow.com/questions/28001070/prevent-from-xss-attacks-when-echoing-variables

mahtab2003 commented 2 years ago

Ok