Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
Valid
Reported on Jun 30th 2021
Reflected XSS in ping.php, as the IP parameter is not sanitized.
🕵️‍♂️ Proof of Concept
Vulnerable Code: <h2>Ping <?php echo $ip; ?></h2>
Payload: <h2>Ping echo <script>alert(1)</script> </h2>
This vulnerability is capable of reflected XSS.
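One way to close the sink shown above, as an added example that is not the project's own code or its actual fix: validate the value as an IP address and HTML-encode it when it is written into the heading. The query parameter name `ip`, the helper names `validated_ip` and `h`, and the assumption that only literal IP addresses (not hostnames) are accepted are all hypothetical.

```php
<?php
// Added example, not code from falconchristmas/fpp.
// Assumptions: the value arrives as the query parameter "ip" and is
// expected to be a literal IPv4 or IPv6 address.

/**
 * Return the address if it is a syntactically valid IP, otherwise null.
 * Non-string input (for example ?ip[]=x, which PHP parses as an array)
 * is rejected instead of being passed on.
 */
function validated_ip($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

/**
 * Encode a value for an HTML text or quoted-attribute context.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$ip = validated_ip($_GET['ip'] ?? null);

if ($ip === null) {
    // Do not reflect the rejected input back into the page.
    http_response_code(400);
    $text = 'Ping: invalid address';
} else {
    $text = 'Ping ' . $ip;
}
?>
<!-- Encoding happens at the output sink, so it still holds if the
     validation above is later relaxed (for example to allow hostnames). -->
<h2><?php echo h($text); ?></h2>
```

With the payload from the report, `filter_var` rejects the value and the page returns a 400 with a fixed message; if the value did reach the heading, `h()` would emit `&lt;script&gt;` rather than a script element.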