XSS filter bypass in neorazorx/facturascripts

Valid

Reported on

May 13th 2022


Description

XSS check bypass

Proof of Concept

I see you fixed https://huntr.dev/bounties/31aba7c9-edcf-44bf-9fd8-ca15d1fa53c8/ by using if (!empty($this->web) && !filter_var($this->web, FILTER_VALIDATE_URL)) {.
But this can be bypassed easily and cause XSS.
FILTER_VALIDATE_URL can be bypassed using a URL like javascript://example.com//%0aalert(document.domain);//

Impact

XSS bypass
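
Added example, not part of the original report and not the FacturaScripts fix: FILTER_VALIDATE_URL checks syntax only and does not restrict the scheme, so a defensive check pairs it with a scheme allowlist and still encodes the value on output. The function name isSafeWebUrl and all sample inputs other than the report's payload are hypothetical.

```php
<?php
// Added illustration. isSafeWebUrl() and the sample list are constructed for
// this example; they are not taken from the FacturaScripts code base.

/**
 * Accept a user-supplied website URL only if it is syntactically valid
 * AND uses a scheme that is safe to place in an href attribute.
 */
function isSafeWebUrl(string $url): bool
{
    $url = trim($url);

    // Syntax check only: FILTER_VALIDATE_URL does not restrict the scheme.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }

    // Scheme allowlist: this is the step that rejects javascript:, data:, etc.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme)) {
        return false; // parse_url() gives null/false when no scheme is found
    }

    return in_array(strtolower($scheme), ['http', 'https'], true);
}

// Constructed sample inputs; the second one is the payload quoted in the report.
$samples = [
    'https://example.com/shop',
    'javascript://example.com//%0aalert(document.domain);//',
    'JavaScript://example.com/',
    'not a url',
];

// Compare the syntax-only check with the combined check for each input.
foreach ($samples as $s) {
    printf(
        "%-58s filter_var=%-4s allowlist=%s\n",
        $s,
        filter_var($s, FILTER_VALIDATE_URL) !== false ? 'pass' : 'fail',
        isSafeWebUrl($s) ? 'pass' : 'fail'
    );
}

// Validation does not replace output encoding when the value is rendered.
echo '<a href="' . htmlspecialchars($samples[0], ENT_QUOTES, 'UTF-8') . '">web</a>', "\n";
```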

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. a year ago
We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back a year ago
Carlos Garcia validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carlos Garcia marked this as fixed in 2022.08 with commit 61ee9c a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE