Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system

Valid

Reported on

Sep 9th 2021


✍️ Description

Cross-site Scripting (XSS) refers to a client-side code injection attack in which an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application uses unvalidated or unencoded user input in the output it generates.

The user-supplied URL path (REQUEST_URI) used by reset_pw.php is reflected into the page unsanitized, resulting in reflected cross-site scripting.

Remediation

Apply context-dependent encoding and/or validation to user input rendered on a page.
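As an added illustration of that remediation (example code written for this page, not UOJ's reset_pw.php, with hypothetical function names and a constructed request path), the vulnerable reflection of the request path is shown beside an HTML-attribute-context fix and an inline-JavaScript-context fix; note that json_encode() is a PHP function and has to run server-side.

```php
<?php
// Added example, not the project's code: reflected REQUEST_URI handled three ways.

// Vulnerable pattern: the raw request path is written straight into an HTML attribute.
function render_form_vulnerable(string $request_uri): string {
    return '<form method="post" action="' . $request_uri . '">';
}

// Hardened for an HTML attribute context: quotes and angle brackets are entity-encoded,
// so the input can neither close the attribute nor start a new tag.
function render_form_html(string $request_uri): string {
    $safe = htmlspecialchars($request_uri, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Hardened for an inline JavaScript context: the value becomes a JSON string literal
// produced server-side by PHP's json_encode(); the JSON_HEX_* flags hex-escape < > & ' "
// so a value containing "</script>" cannot terminate the script block when the
// browser parses the surrounding HTML.
function render_script_js(string $request_uri): string {
    $literal = json_encode(
        $request_uri,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    return '<script>var path = ' . $literal . ';</script>';
}

// Quick self-check: after encoding, no raw tag or attribute delimiter may survive.
function output_is_encoded(string $html_fragment, string $needle): bool {
    return strpos($html_fragment, $needle) === false;
}

// Constructed sample input carrying markup characters (not a real request).
$sample = '/reset_pw.php?x="><b>x</b>';

echo render_form_vulnerable($sample), "\n";   // markup passes through unchanged
echo render_form_html($sample), "\n";         // markup is entity-encoded
echo render_script_js($sample), "\n";         // markup is hex-escaped inside a JSON literal

var_dump(output_is_encoded(render_form_html($sample), '<b>'));    // bool(true)
var_dump(output_is_encoded(render_script_js($sample), '<b>'));    // bool(true)
var_dump(output_is_encoded(render_form_vulnerable($sample), '<b>')); // bool(false)
```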

We have contacted a member of the universaloj/uoj-system team and are waiting to hear back 14 days ago
billchenchina validated this vulnerability 14 days ago
wtwver has been awarded the disclosure bounty
The fix bounty is now up for grabs
billchenchina confirmed that a fix has been merged on e357d1 14 days ago
billchenchina has been awarded the fix bounty
wtwver
14 days ago

Researcher


Hi, the fix json_encode() is a JS function which can be bypassed with a ) at the beginning of the payload.

The untrusted input handling should be done with a PHP function. Thanks.

wtwver
14 days ago

Researcher


Sorry, this is updated.


Hi, the fix json_encode() is a PHP function which is not located in php <??>

The untrusted input handling should be done inside the <??> PHP boundary. Thanks.

billchenchina
14 days ago

Maintainer


Hi, json_encode is a PHP function. The fix has a syntax error so I've done another commit to fix that. https://github.com/UniversalOJ/UOJ-System/commit/dcd0d0b66eb1f9c1cc201166e8484944c1a59d36

Thanks!