Hi,
XSS is possible in the URL function that is available here:
feindura-flat-file-cms/library/classes/XssFilter.class.php
Line 410 in 527920f
The vector is:
javascript://www.xss.com?%0aalert%281%29
The regular expression you are using happily parses the above vector, and an attacker can execute JavaScript. The easiest fix would be, instead of having a-z and A-Z in the regular expression ... It should be something like http or https ...
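The fix suggested in the report (allow only http or https rather than any alphabetic scheme), shown as an added PHP example that is not feindura's own code. `isUrlPermissive` uses an assumed pattern standing in for the filter's regex, which is not shown on this page, and `isUrlStrict` is a hypothetical replacement.

```php
<?php
// Added example: hypothetical helpers, not the code at XssFilter.class.php line 410.

// Permissive check: any alphabetic scheme followed by "://" is accepted.
// Assumed pattern for illustration only.
function isUrlPermissive(string $url): bool
{
    return preg_match('#^[a-zA-Z]+://[^\s<>"\']+$#', $url) === 1;
}

// Strict check: parse the URL, then compare the scheme against an allowlist.
function isUrlStrict(string $url): bool
{
    // Raw control characters and whitespace have no place in a stored URL,
    // and some URL parsers silently strip them, so reject them up front.
    if (preg_match('/[\x00-\x20\x7f]/', $url) === 1) {
        return false;
    }

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }

    // Only web schemes are allowed; everything else (javascript, data,
    // vbscript, ftp, ...) is rejected without needing a denylist.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Sample inputs: the first is the vector quoted in the report,
// the rest are constructed for comparison.
$samples = [
    'javascript://www.xss.com?%0aalert%281%29',
    'http://example.com/page?x=1',
    'https://example.com/',
    'ftp://example.com/file.txt',
];

foreach ($samples as $url) {
    printf(
        "%-45s permissive=%-5s strict=%s\n",
        $url,
        var_export(isUrlPermissive($url), true),
        var_export(isUrlStrict($url), true)
    );
}
```

The reported vector passes the permissive check and fails the strict one; output encoding of the URL when it is written into an `href` attribute is still required in addition to this validation.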