Open enferas opened 2 years ago
CVE-2021-43697 is assigned.
An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')], so there is an XSS vulnerability.
Hello,
I would like to report an XSS vulnerability.
In file https://github.com/happyliu2014/Workerman-ThinkPHP-Redis/blob/master/wmchat/ThinkPHP/Mode/Api/Controller.class.php line 70,
the exit function will terminate the script and print a message which has $_GET[C('VAR_JSONP_HANDLER')]. Then there is an XSS vulnerability.
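
One way to harden the JSONP output path described in this report, as an added example that is not code from the issue or from the project: the callback name taken from the query string is accepted only if it is a plain dotted JavaScript identifier, and the response is sent with a script content type and `nosniff`. The constant values, the function names, the 64-character limit and the response headers are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Assumed values standing in for the framework's C('VAR_JSONP_HANDLER') lookup.
const VAR_JSONP_HANDLER     = 'callback';     // query parameter carrying the callback name
const DEFAULT_JSONP_HANDLER = 'jsonpReturn';  // used when the parameter is absent or rejected

// Pattern described in the report (unsafe): the request value is printed unchanged.
//   exit($_GET[C('VAR_JSONP_HANDLER')] . '(' . json_encode($data) . ');');

/** Return the requested callback only if it is a plain dotted JS identifier. */
function jsonp_handler(array $query): string
{
    $name = $query[VAR_JSONP_HANDLER] ?? DEFAULT_JSONP_HANDLER;
    // is_string() also rejects array input such as ?callback[]=x
    $ok = is_string($name)
        && strlen($name) <= 64
        && preg_match('/\A[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $name) === 1;
    return $ok ? $name : DEFAULT_JSONP_HANDLER;
}

/** Build the JSONP body; markup characters inside the data are hex-escaped. */
function jsonp_body(array $query, $data): string
{
    $json = json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    // The leading comment keeps the caller-chosen name off the first bytes of the response.
    return '/**/' . jsonp_handler($query) . '(' . $json . ');';
}

/** Send the response as script, never as HTML, then stop. */
function send_jsonp(array $query, $data): void
{
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    exit(jsonp_body($query, $data));
}

// Constructed sample inputs; run with `php file.php` to see accepted and rejected names.
if (PHP_SAPI === 'cli') {
    foreach (['app.onData', '<b>x</b>', ['a']] as $sample) {
        echo jsonp_body([VAR_JSONP_HANDLER => $sample], ['msg' => '<ok>']), PHP_EOL;
    }
}
```

In a controller the call would be `send_jsonp($_GET, $data)`; any callback value that fails the identifier check falls back to the default name rather than being reflected.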