dargmuesli / randomwinpicker

A website that chooses a "true" random winner for CS:GO case openings.
https://randomwinpicker.jonas-thelemann.de
GNU General Public License v3.0

XSS vector at cost.php #92

Open AltayAkkus opened 3 years ago

AltayAkkus commented 3 years ago

Hi, in cost.php the user passes a variable named condition (https://github.com/dargmuesli/randomwinpicker/blob/869087e51d98716b88c3b6d40bf4b03639888f35/src/static/resources/dargmuesli/cost.php#L6). Then the variable condition is added into a HTML template, without escaping possible HTML injections. The template is also echoed without any further escaping of injected HTML. So a possible attack would be: siteoftheurl.com/cost.php?condition= I could use that to perform malicious actions from the targeted user account or steal his cookies, since there appears to be no CSRF protection.
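The pattern the report describes, shown as an added example beside its fix (this is not the project's code; `render_cost_vulnerable` and `render_cost_safe` are hypothetical stand-ins for cost.php, and the input array stands in for `$_GET`):

```php
<?php
// Added example, not the project's code. The hypothetical functions
// mirror the pattern described in the issue: a query parameter is
// interpolated into an HTML template and echoed. The fixed variant
// escapes it with htmlspecialchars() before it reaches the markup.

// Vulnerable pattern: the raw parameter becomes part of the HTML,
// so any markup in it is parsed by the browser (reflected XSS).
function render_cost_vulnerable(array $query): string
{
    $condition = $query['condition'] ?? '';
    return "<p>Condition: $condition</p>";
}

// Hardened pattern: encode for an HTML text context. ENT_QUOTES also
// encodes single quotes, so the same value is safe inside a quoted
// attribute; ENT_SUBSTITUTE keeps invalid UTF-8 from emptying the output.
function render_cost_safe(array $query): string
{
    $condition = htmlspecialchars(
        (string)($query['condition'] ?? ''),
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return "<p>Condition: $condition</p>";
}

// Constructed sample input standing in for $_GET on a request such as
// cost.php?condition=<b>x</b>
$sample = ['condition' => '<b>x</b>'];

echo render_cost_vulnerable($sample), PHP_EOL; // tag survives, browser renders it
echo render_cost_safe($sample), PHP_EOL;        // tag is encoded, browser shows it as text

// Self-check: the escaped output contains no raw angle brackets from the input.
assert(render_cost_safe($sample) === '<p>Condition: &lt;b&gt;x&lt;/b&gt;</p>');
```

Escaping at the output point is the fix for the reflected-XSS part; the CSRF concern raised in the report is separate and needs a per-request token on state-changing actions.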

dargmuesli commented 3 years ago

Hey, thanks for checking out my most legacy project I host on GitHub and taking the challenge! :stuck_out_tongue_closed_eyes: Let's have a chat on flipdot's Mumble soon, ok? :partying_face: