Menu
▾
▴
#775 XSS Reflected
There is a security issue, in particular a Reflected XSS, on "history" parameter. The issue affected the latest version of Adminer and priors.
Using the following request:
/adminer/?username=root&sql=&history='-alert('XSS')-'
is possible to execute javascript.
I applied for a CVE, assigned with the id "CVE-2020-35572".
As attachment a screenshot of the issue.
Updates?
I'm sorry for not responding sooner, I've missed this bug in triage.
There's no attachment and I can't reproduce it because browsers encode URL parameters so the
'is actually sent to server as%27.But I see what you mean and I've fixed the possible issue.
No problem and thanks for the fix.
I try to upload again the proof of the XSS.
If you reproduce it with Edge, you can trigger the XSS easily. Edge doesn't sanitize the input in the address bar.
Published at https://github.com/vrana/adminer/security/advisories/GHSA-9pgx-gcph-mpqr.