Cross-site Scripting (XSS) - Reflected in cujanovic/ssrf-testing


Reported on

Sep 7th 2021

✍️ Description

Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.

The GET parameters proto, ip, port and url of index.php are unsanitized, resulting in reflected cross-site scripting.


Apply context-dependent encoding and/or validation to user input rendered on a page

📍 Location

index.php#L8-L12

📝 References

XSS
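The remediation recommended in the report, as an added PHP example (not code from cujanovic/ssrf-testing or its fix commit): it validates the four GET parameters named above and HTML-encodes them on output. The scheme allowlist, the function names and the page markup are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist; the report does not say which schemes index.php accepts.
const ALLOWED_PROTOS = ['http', 'https'];

// Encode for an HTML text node or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate the four GET parameters; returns [string values, rejected names].
function validate_params(array $get): array
{
    $v = [];
    foreach (['proto', 'ip', 'port', 'url'] as $k) {
        // Missing or array-valued parameters (?ip[]=x) become empty strings.
        $v[$k] = is_string($get[$k] ?? null) ? $get[$k] : '';
    }
    $range = ['options' => ['min_range' => 1, 'max_range' => 65535]];
    $scheme = strtolower((string) parse_url($v['url'], PHP_URL_SCHEME));
    $ok = [
        'proto' => in_array(strtolower($v['proto']), ALLOWED_PROTOS, true),
        'ip'    => filter_var($v['ip'], FILTER_VALIDATE_IP) !== false,
        'port'  => filter_var($v['port'], FILTER_VALIDATE_INT, $range) !== false,
        'url'   => filter_var($v['url'], FILTER_VALIDATE_URL) !== false
                   && in_array($scheme, ALLOWED_PROTOS, true),
    ];
    return [$v, array_keys($ok, false, true)];
}

function render(array $get): string
{
    [$v, $bad] = validate_params($get);
    if ($bad !== []) {
        // Name the rejected parameters, but never echo their values back.
        return '<p>Invalid: ' . h(implode(', ', $bad)) . '</p>';
    }
    // Encode even after validation: a valid URL can contain "&" and similar.
    return sprintf('<p>%s://%s:%s</p><a href="%s">%s</a>',
        h($v['proto']), h($v['ip']), h($v['port']), h($v['url']), h($v['url']));
}

// Constructed inputs: one well-formed request, one with markup in `ip`.
echo render(['proto' => 'http', 'ip' => '127.0.0.1', 'port' => '80',
    'url' => 'http://example.com/?a=1&b=2']), PHP_EOL;
echo render(['proto' => 'http', 'ip' => '127.0.0.1"><b>x</b>', 'port' => '80',
    'url' => 'http://example.com/']), PHP_EOL;
```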


We created a GitHub Issue asking the maintainers to create a 2 years ago
wtwver modified the report
2 years ago
2 years ago


Hey wtwver, I've contacted the repo's maintainers for you.

We have contacted a member of the cujanovic/ssrf-testing team and are waiting to hear back 2 years ago
2 years ago


Thanks, this was fixed:

2 years ago


Hi, would you mind clicking validate? Thanks

Predrag Cujanović validated this vulnerability 2 years ago
wtwver has been awarded the disclosure bounty
The fix bounty is now up for grabs
Predrag Cujanović marked this as fixed with commit 971359 2 years ago
Predrag Cujanović has been awarded the fix bounty
This vulnerability will not receive a CVE
index.php#L8-L12 has been validated