happyliu2014 / Workerman-ThinkPHP-Redis

Workerman+ThinkPHP+Redis

Possible XSS vulnerability #1

Open enferas opened 2 years ago

enferas commented 2 years ago

Hello,

I would like to report an XSS vulnerability.

In file https://github.com/happyliu2014/Workerman-ThinkPHP-Redis/blob/master/wmchat/ThinkPHP/Mode/Api/Controller.class.php line 70

$handler  =   isset($_GET[C('VAR_JSONP_HANDLER')]) ? $_GET[C('VAR_JSONP_HANDLER')] : C('DEFAULT_JSONP_HANDLER');
exit($handler.'('.json_encode($data).');'); 

The exit function will terminate the script and print a message which has $_GET[C('VAR_JSONP_HANDLER')]. Then there is an XSS vulnerability.

enferas commented 2 years ago

CVE-2021-43697 is assigned.

An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')], then there is an XSS vulnerability.
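
A hardened form of the JSONP output reported in this issue, as an added example that is not part of the thread or the project's code: the callback name is restricted to a dotted JavaScript identifier, the JSON payload is hex-escaped, and the response is declared as script. The function names, the `callback` parameter name and the `jsonpReturn` default are assumptions standing in for C('VAR_JSONP_HANDLER') and C('DEFAULT_JSONP_HANDLER').

```php
<?php
// Added example, not project code; names and the 'callback'/'jsonpReturn' values are assumed.

// Build a JSONP body; reject callback names that are not dotted JS identifiers.
function render_jsonp(array $query, $data, string $param = 'callback',
                      string $default = 'jsonpReturn'): string
{
    $handler = $query[$param] ?? $default;
    $ident   = '[A-Za-z_$][A-Za-z0-9_$]*';
    // ?callback[]=x arrives as an array; over-long names are refused as well.
    if (!is_string($handler) || strlen($handler) > 64
        || !preg_match('/\A' . $ident . '(?:\.' . $ident . ')*\z/', $handler)) {
        throw new InvalidArgumentException('invalid JSONP callback name');
    }

    // Hex-escape <, >, &, ' and " so the payload stays inert if rendered as HTML.
    $json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($json === false) {
        throw new RuntimeException('data could not be encoded as JSON');
    }
    return $handler . '(' . $json . ');';
}

// Web entry point: declare the body as script and forbid MIME sniffing.
function send_jsonp(array $query, $data): void
{
    try {
        $body = render_jsonp($query, $data);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit('invalid callback');
    }
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    exit($body);
}

// Constructed sample inputs, run from the CLI to show what is accepted.
if (PHP_SAPI === 'cli') {
    $samples = [['callback' => 'onData'], ['callback' => 'app.handlers.onData'],
                ['callback' => '<script>alert(1)</script>'], ['callback' => ['x']], []];
    foreach ($samples as $q) {
        try {
            echo render_jsonp($q, ['msg' => '</script>']), "\n";
        } catch (InvalidArgumentException $e) {
            echo 'rejected: ', json_encode($q), "\n";
        }
    }
}
```

In a request handler, `send_jsonp($_GET, $data)` would take the place of the two lines quoted in the report.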