You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 15, 2025. It is now read-only.
Recently, our team found a reflected cross-site scripting (XSS) vulnerability
The vulnerability logic is present in the file: https://github.com/tsukumijima/TVRemotePlus/blob/master/htdocs/settings.php#L1290
The echo directly outputs the parameter $_POST['state'] without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with $_POST['state']
To fix this vulnerability, we recommend that developers implement properly sanitize (e.g., htmlspecialchars()) for user input before displaying it on the webpage.
Recently, our team found a reflected cross-site scripting (XSS) vulnerability
The vulnerability logic is present in the file:
https://github.com/tsukumijima/TVRemotePlus/blob/master/htdocs/settings.php#L1290
The
echodirectly outputs the parameter$_POST['state']without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious html code with$_POST['state']To fix this vulnerability, we recommend that developers implement properly sanitize (e.g.,
htmlspecialchars()) for user input before displaying it on the webpage.