Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki
Valid
Reported on Sep 21st 2021
✍️ Description
Stored XSS in action
🕵️♂️ Proof of Concept
- Navigate to "index.php?action=<script>alert(1);</script>&page=Main Page"
- See XSS executed
💥 Impact
With this vulnerability, you can run arbitrary JavaScript on all users.
Occurrences
100-run.php L56
This line directly throws user input into HTML without sanitization.
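The pattern described under Occurrences, as an added example (not the code at 100-run.php L56 and not the project's fix): a hypothetical action dispatcher that reflects an unknown `action` value into the page, first unescaped and then encoded with `htmlspecialchars()`. The function names and `$registered_actions` are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical dispatcher, not pepperminty-wiki's code.
// $registered_actions and the render_*/dispatch function names are assumed.

$registered_actions = ["view" => true, "edit" => true];

// Vulnerable pattern: the raw query-string value is concatenated into markup,
// so any tags it contains become part of the document.
function render_unknown_action_unsafe(string $action): string {
    return "<p>No action called " . $action . " has been registered.</p>";
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_unknown_action_safe(string $action): string {
    $encoded = htmlspecialchars($action, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, "UTF-8");
    return "<p>No action called " . $encoded . " has been registered.</p>";
}

// Look the action up in an allow-list; only the error path echoes user input,
// and it does so through the encoding renderer.
function dispatch(array $query, array $registered_actions): string {
    $action = $query["action"] ?? "view";
    // A non-string value (e.g. action[]=x) is rejected rather than coerced.
    if (!is_string($action)) {
        return "<p>Invalid action.</p>";
    }
    if (!isset($registered_actions[$action])) {
        return render_unknown_action_safe($action);
    }
    return "<p>Running registered action.</p>";
}

// Constructed input matching the report's proof of concept.
$query = ["action" => "<script>alert(1);</script>", "page" => "Main Page"];

echo "unsafe: ", render_unknown_action_unsafe($query["action"]), PHP_EOL;
echo "safe:   ", dispatch($query, $registered_actions), PHP_EOL;
```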
We have contacted a member of the sbrl/pepperminty-wiki team and are waiting to hear back
2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
100-run.php#L56 has been validated
Thanks - that was a mistake that I should have caught earlier :P