Recently, our team found a reflected cross-site scripting (XSS) vulnerability. The vulnerability logic is present in the file:
https://github.com/szvone/vmqphp/blob/master/public/example/main.php#L10

The `echo` directly outputs multiple POST parameters, such as `$_POST['payId']`, without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious HTML code with `$_POST['payId']`. To fix this vulnerability, we recommend that developers implement proper sanitization (e.g., `htmlspecialchars()`) for user input before displaying it on the webpage.
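The recommended fix, shown as an added example that is not code from the vmqphp repository: the reflected value is echoed once raw and once through an escaping helper. The helper name `html_out`, the `param` key, the `Order:` label and the sample input are assumptions made for illustration; only `$_POST['payId']` and `htmlspecialchars()` come from the report.

```php
<?php
// Added example, not the project's code. html_out(), the 'param' key and
// the sample values are hypothetical; the input below is constructed.

/**
 * Escape a request value for an HTML text or quoted-attribute context.
 * Non-scalar input (payId[]=x arrives as an array) is dropped instead of
 * being cast, so it cannot reach the page as "Array" plus a PHP warning.
 */
function html_out($value): string
{
    if (!is_scalar($value)) {
        return '';
    }
    // ENT_QUOTES encodes both quote styles, which matters when the value
    // lands inside an attribute; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-in for a POST body (benign markup, both quote styles).
$post = [
    'payId' => '<b>bold</b> "double" \'single\'',
    'param' => ['unexpected', 'array'],
];

// Before: the pattern the report describes, the raw value goes into the page
// and the browser parses the <b> element as markup.
$unsafe = 'Order: ' . $post['payId'];

// After: every reflected value passes through the helper, so the same input
// is rendered as literal text.
$safe = 'Order: ' . html_out($post['payId'] ?? '');

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
echo 'Param: ' . html_out($post['param'] ?? ''), PHP_EOL;
```

`htmlspecialchars()` covers HTML text and quoted-attribute contexts only; a value placed inside a `<script>` block or a URL needs encoding for that context instead.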