Cross-site Scripting (XSS) - Reflected in slackero/phpwcms


Reported on

Aug 21st 2021

✍️ Description

Reflected xss

🕵️‍♂️ Proof of Concept

     'HTTP-REFERER: '.(echoempty($ref) ? 'unknown' : $ref);

💥 Impact

xss bug

We have contacted a member of the slackero/phpwcms team and are waiting to hear back a year ago
Oliver Georgi validated this vulnerability a year ago
rohit75033 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Oliver Georgi confirmed that a fix has been merged on 6876be a year ago
Oliver Georgi has been awarded the fix bounty
to join this conversation