Cross-site Scripting (XSS) - Reflected in slackero/phpwcms

Valid

Reported on

Aug 21st 2021


✍️ Description

Reflected xss

🕵️‍♂️ Proof of Concept

     'HTTP-REFERER: '.(echoempty($ref) ? 'unknown' : $ref);

💥 Impact

xss bug

We have contacted a member of the slackero/phpwcms team and are waiting to hear back 3 months ago
Oliver Georgi validated this vulnerability 3 months ago
rohit75033 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Oliver Georgi confirmed that a fix has been merged on 6876be 3 months ago
Oliver Georgi has been awarded the fix bounty