Detector is a simple, PHP- and JavaScript-based browser- and feature-detection library that can adapt to new devices & browsers on its own without the need to pull from a central database of browser information.
Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
Describe the bug Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
To Reproduce Steps to reproduce the behavior:
Screenshots
Where the Issue Occurred The code below displays the user-controlled parameter
cidwithout sufficient sanitization: https://github.com/dmolsen/Detector/blob/f697794be555b4a2ce070a0b1265a1eb5f87fb58/web/templates/_contactform.inc.php#L22