search

anze3db / fedidevs

Discover amazing developers across the fediverse 🌐
https://fedidevs.com
MIT License
24 stars 6 forks source link

Investigate possible XSS vulnerabilitites #78

Open anze3db opened 1 month ago

anze3db commented 1 month ago

This is the requests that the scanner tool found:

[xss-fuzz] [http] [medium] https://fedidevs.com/?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E [xss_param="t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E"]
[xss-fuzz] [http] [medium] https://fedidevs.com/?widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E [xss_param="widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E"]
[xss-fuzz] [http] [medium] https://fedidevs.com/?activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E [xss_param="activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E"]