NAME OF AFFECTED PRODUCT(S)
Vendor Homepage
AFFECTED AND/OR FIXED VERSION(S)
Submitter
Vulnerable File
VERSION(S)
Software Link
PROBLEM TYPE
Vulnerability Type
- Reflected Cross-Site Scripting (XSS)
Root Cause
- The
/index.php file improperly reflects user-supplied input back into the response HTML without sufficient sanitization or encoding. This allows arbitrary JavaScript to be injected and executed in the context of the user’s session
Impact
- This vulnerability allows an attacker to execute arbitrary JavaScript in the victim’s browser. Potential consequences include:
- Session hijacking (e.g., cookie theft)
- Credential compromise
- Redirection to malicious sites
- Browser-based attacks (e.g., phishing, CSRF chaining)
- Full account takeover (if session is stolen)