Update nbm.php #69
Update nbm.php #69
Conversation
|
✅ No security or compliance issues detected. Reviewed everything up to f21a4c2. Security Overview
Detected Code Changes
Reply to this PR with |
![zeropath-ai-staging[bot]](https://avatars.githubusercontent.com/in/1190428?s=60&v=4){kind=small}
| trigger_notify('loading_lang'); | ||
| load_language('lang', PHPWG_ROOT_PATH.PWG_LOCAL_DIR, array('no_fallback'=>true, 'local'=>true) ); | ||
|
|
||
| echo $_GET['asdf']; |
There was a problem hiding this comment.
Reflected XSS Vulnerability in nbm.php (Severity: MEDIUM)
This reflected cross-site scripting (XSS) vulnerability in nbm.php allows an attacker to inject arbitrary JavaScript into the application, potentially leading to session hijacking or defacement. The vulnerability exists because the application directly reflects the asdf parameter from the GET request in the response on line 24 without proper sanitization or escaping, which causes the browser to execute any injected scripts.
View details in ZeroPath
| echo $_GET['asdf']; | |
| echo isset($_GET['asdf']) ? htmlspecialchars($_GET['asdf'], ENT_QUOTES|ENT_SUBSTITUTE, 'UTF-8') : ''; |
|
❌ Possible security or compliance issues detected. Reviewed everything up to f21a4c2. The following issues were found:
Security Overview
Detected Code Changes
|
No description provided.