| Título | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Cross Site Scripting |
|---|
| Descripción | The affected components are `application/PHP/objects/notes/add_into_dictionary.php`, `application/PHP/objects/notes/display_dictionary.php`, `application/PHP/classes/Notes_controller.php`, and `application/JS/notes.js`. Dictionary entries store user-controlled `reference` values and later render them into HTML without escaping:
```php
$insert_definition_statement = $this->db_holder->prepare("INSERT INTO definitions VALUES (null, ?, ?);");
$insert_definition_statement->execute(array($definition, $reference));
...
$dictionary = $dictionary."<p>".nl2br(htmlentities($data[0]))."<br />
<span id='no_dictionary_added_by'>Added by: ".$data[2]."</span><br />
<span>Reference: ".$data[1]."</span>
</p>";
```
The client inserts the returned HTML with `.html(data)`:
```javascript
$("#no_display_dictionary_container_div").html(data);
```
An authenticated attacker can store payloads such as `<svg/onload=alert()>` in the reference field. When another user views the dictionary entry, the payload executes in that user's browser. |
|---|
| Fuente | ⚠️ https://github.com/mjperpinosa/stumasy/issues/8 |
|---|
| Usuario | cnluminous (UID 98136) |
|---|
| Sumisión | 2026-06-05 16:51 (hace 29 días) |
|---|
| Moderación | 2026-07-04 17:50 (29 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 376341 [mjperpinosa stumasy hasta 327d1b0f2915ba79d7ef8ebb74553e987609d9be add_into_dictionary.php add_definition reference secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|