Recently, our team found a reflected cross-site scripting (XSS) vulnerability. The vulnerability logic is present in the file: https://github.com/havok89/Hoosk/blob/master/install/index.php#L103
The echo directly outputs the parameter $_POST['siteURL'] without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious HTML code with $_POST['siteURL']. To fix this vulnerability, we recommend that developers implement proper sanitization (e.g., htmlspecialchars()) for user input before displaying it on the webpage.
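The fix recommended above, as an added example that is not code from Hoosk or from the report: the posted value is type-checked, restricted to absolute http(s) URLs, and escaped with htmlspecialchars() at the point of output. The helper names e() and normalize_site_url(), the sample inputs and the attribute-context markup are assumptions; the mixed type needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of Hoosk): escape a value for HTML text or
// quoted-attribute context. ENT_QUOTES encodes both quote styles, so the
// value cannot close the attribute it is written into.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: accept only absolute http(s) URLs for siteURL.
function normalize_site_url(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // arrays (siteURL[]=x) and missing values are rejected
    }
    $url = trim($raw);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Constructed sample inputs standing in for $_POST['siteURL'].
$samples = [
    'https://example.com/hoosk',
    'https://example.com/"><b>markup</b>',
    'ftp://example.com/site',
    ['nested' => 'array'],
];

foreach ($samples as $raw) {
    // Before (pattern described in the report): echo $_POST['siteURL'];
    $url = normalize_site_url($raw);
    if ($url === null) {
        // Escape even when rejecting: the error message is also output.
        $shown = is_string($raw) ? e($raw) : '[non-string value]';
        echo "rejected: {$shown}\n";
        continue;
    }
    // URL validation does not constrain path characters, so escaping at
    // output is still what prevents the reflected value from being markup.
    echo 'accepted: <input name="siteURL" value="' . e($url) . "\">\n";
}
```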