Cross-site Scripting (XSS) - Reflected in cujanovic/ssrf-testing


Reported on

Sep 7th 2021

✍️ Description

Cross-site Scripting (XSS) refers to a client-side code injection attack in which an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application uses unvalidated or unencoded user input in the output it generates.

The user-supplied GET parameters proto, ip, port and url of index.php are unsanitized, resulting in reflected cross-site scripting.


Apply context-dependent encoding and/or validation to user input rendered on a page

📍 Location index.php#L8-L12
📝 References XSS
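
Added example, not the code from the repository or from the merged fix: one way to apply the recommended validation and context-dependent encoding to the four reported parameters in PHP. The names h() and read_params(), the http/https allowlist and the output markup are assumptions made for illustration.

```php
<?php
// Added illustration, not the code from cujanovic/ssrf-testing.
// h() and read_params() are hypothetical names; the http/https allowlist is an assumption.

// Pattern the report describes: a GET value written into the page as-is, e.g.
//   echo "url: " . $_GET['url'];

// Encode for an HTML body or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate each parameter against the type it is meant to carry.
// A parameter that is missing, not a string, or invalid comes back as null.
function read_params(array $get): array
{
    $str = fn(string $k): string => (isset($get[$k]) && is_string($get[$k])) ? $get[$k] : '';
    $schemes = ['http', 'https'];

    $proto = strtolower($str('proto'));
    $ip    = filter_var($str('ip'), FILTER_VALIDATE_IP);
    $port  = filter_var($str('port'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    $url   = filter_var($str('url'), FILTER_VALIDATE_URL);
    // FILTER_VALIDATE_URL accepts any scheme, so the scheme is checked separately.
    $urlScheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));

    return [
        'proto' => in_array($proto, $schemes, true) ? $proto : null,
        'ip'    => $ip === false ? null : $ip,
        'port'  => $port === false ? null : $port,
        'url'   => in_array($urlScheme, $schemes, true) ? $url : null,
    ];
}

header('Content-Type: text/html; charset=UTF-8');
foreach (read_params($_GET) as $name => $value) {
    // Validation narrows the input but does not make it HTML-safe,
    // so every value is still encoded at the point of output.
    echo '<p>' . h($name) . ': ' . h($value === null ? '(rejected)' : (string) $value) . "</p>\n";
}
```

htmlspecialchars() covers the HTML body and quoted attributes only; a value placed inside a script block, an unquoted attribute or a URL attribute needs the encoding for that context instead.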


We created a GitHub Issue asking the maintainers to create a a year ago
wtwver modified the report
a year ago


Hey wtwver, I've contacted the repo's maintainers for you.

We have contacted a member of the cujanovic/ssrf-testing team and are waiting to hear back a year ago
a year ago


Thanks, this was fixed:

a year ago


Hi, would you mind clicking validate? Thanks

Predrag Cujanović validated this vulnerability a year ago
wtwver has been awarded the disclosure bounty
The fix bounty is now up for grabs
Predrag Cujanović confirmed that a fix has been merged on 971359 a year ago
Predrag Cujanović has been awarded the fix bounty
index.php#L8-L12 has been validated