CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Patch Exists: NO

Cross-Site Scripting in PHP Code Snippet Library

The PHP Code Snippet Library is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities exist due to a lack of proper sanitization of user-supplied URI input. An attacker can exploit these vulnerabilities by creating a malicious URI link that includes hostile HTML and script code. When a victim user follows this link, the malicious code may be executed in the context of the affected website, potentially leading to the theft of authentication credentials or other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user-supplied input before using it in HTML output. Additionally, implementing a content security policy (CSP) can help prevent the execution of malicious scripts.
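
The mitigation above, sketched as an added example that is not the PHP Code Snippet Library's own code: a reflected-parameter handler before and after validation, context-aware encoding and a CSP header. The function names, the way index.php uses cat_select and show, and the idea that cat_select is a numeric category id are assumptions.

```php
<?php
// Added illustration; NOT the PHP Code Snippet Library's source.
// Assumption: index.php reflects cat_select and show into the page.

// Read one query parameter as a string; arrays (show[]=...) become ''.
function str_param(array $q, string $key): string
{
    return is_string($q[$key] ?? null) ? $q[$key] : '';
}

// Before: request values are concatenated into HTML as-is, so any markup
// carried in the URI is parsed by the browser as part of the page.
function render_unsafe(array $q): string
{
    return '<a href="index.php?cat_select=' . ($q['cat_select'] ?? '') . '">'
         . ($q['show'] ?? '') . '</a>';
}

// Encode for an HTML text node or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: validate against the expected shape, then encode per output context.
function render_safe(array $q): string
{
    // Assumption: cat_select is a numeric category id; anything else becomes 0.
    $cat = filter_var(str_param($q, 'cat_select'), FILTER_VALIDATE_INT,
        ['options' => ['default' => 0, 'min_range' => 0]]);

    return '<a href="index.php?cat_select=' . rawurlencode((string) $cat) . '">'
         . h(str_param($q, 'show')) . '</a>';
}

// Second layer: a CSP that permits only same-origin script files, so inline
// script that slips past encoding is not executed by the browser.
if (!headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
}

// Constructed sample input; harmless markup stands in for hostile HTML.
$sample = ['cat_select' => '3"><b>x</b>', 'show' => '<i>all</i>'];

echo render_unsafe($sample), PHP_EOL; // markup reaches the page unescaped
echo render_safe($sample), PHP_EOL;   // cat_select falls back to 0, show is entity-encoded
```
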
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11038/info

PHP Code Snippet Library is reported prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.

These issues could permit a remote attacker to create a malicious URI link to the PHP Code Snippet Library site that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

http://www.example.com/[path]/index.php?cat_select=[XSS]
http://www.example.com/[path]/index.php?cat_select=[XSS]&show=[XSS] 