Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

Valid

Reported on

Jun 2nd 2021

✍️ Description

Reflected XSS in proxies.php when a user asked to add a proxy, resulting in XSS.

https://drive.google.com/file/d/14uabBenjA_DBpzWbbYq_iF8a9FU2fzhX/view?usp=sharing

payload: ' onmouseover='alert(1)

This vulnerability is capable of doing Reflected XSS.

Greg Hormann validated this vulnerability 2 years ago

x3rz has been awarded the disclosure bounty

The fix bounty is now up for grabs

Greg Hormann marked this as fixed with commit 46b30f 2 years ago