WhatCD / Gazelle

http://whatcd.github.io/Gazelle/

xss_1 #129

Open xjzzzxx opened 1 month ago

xjzzzxx commented 1 month ago

Hello,

I would like to report an XSS vulnerability in Gazelle commit 63b3370

In file https://github.com/WhatCD/Gazelle/blob/master/sections/login/disabled.php

...
<form action="" method="POST">
    <input type="email" class="inputtext" placeholder="Email Address" name="email" required /> <input type="submit" value="Submit" />
    <input type="hidden" name="username" value="<?=$_COOKIE['username']?>" />       // Line 25
</form><br /><br />
...

The value is sourced from $_COOKIE['username'] without any filtering or checking, which results in XSS.

PoC

GET sections/login/disabled.php

With the Cookie

username=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22

Manual verification


BTW, cms.gazelle.com is local (changed hosts)
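
The sink in the report echoes a cookie into a double-quoted HTML attribute, so the mitigation is to encode the value for that context before output. The following is an added example, not part of the original issue or of Gazelle's code; `render_hidden_username()` is a hypothetical helper and the cookie array is constructed from the value given in the report:

```php
<?php
// Added example: not Gazelle code. render_hidden_username() is a hypothetical helper.

/**
 * Build the hidden "username" field for the disabled-account form,
 * encoding the cookie value for an HTML attribute context.
 */
function render_hidden_username(array $cookies): string
{
    $raw = $cookies['username'] ?? '';

    // PHP turns cookies named like "username[]" into arrays; accept strings only.
    if (!is_string($raw)) {
        $raw = '';
    }

    // ENT_QUOTES encodes both " and ' so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<input type="hidden" name="username" value="' . $safe . '" />';
}

// Constructed input: the cookie value from the report, URL-decoded the way
// PHP decodes it before populating $_COOKIE.
$cookies = [
    'username' => urldecode('%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22'),
];

// Unencoded, as on line 25 of disabled.php: the leading "> ends the attribute
// and the tag, so the rest of the value is parsed as markup.
echo '<input type="hidden" name="username" value="' . $cookies['username'] . '" />', PHP_EOL;

// Encoded: the same bytes stay inside the value attribute as inert text.
echo render_hidden_username($cookies), PHP_EOL;
```

Comparing the two output lines shows the difference: in the second, the quote and angle brackets appear as `&quot;`, `&lt;` and `&gt;`, so the browser never leaves the attribute value.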

aaronhenderson commented 1 month ago

Pretty deep space vulnerability that one but good demonstration.