Отправить #224372: FotosCMS2 cookie parameter in profile.php has an XSS vulnerability.Информация

Название	FotosCMS2 cookie parameter in profile.php has an XSS vulnerability.
Описание	On the profile.php page, line 20 will output, echo$_ SESSION ['username '].' - Профиль';， But$_ SESSION ['username '] is obtained through the if (isset ($-COOKIE ['username cookie')) {$_SESSION ['username ']=$-COOKIE ['username cookie'];} in the cfg. php file$_ COOKIE ['username cookie '] is something that users can manipulate and can cause XSS vulnerabilities. ![image](https://github.com/AlexanderLivanov/FotosCMS2/assets/113713406/9ad2193a-4f8b-43c2-9fc7-5a92d3f08936)
Источник	⚠️ https://github.com/AlexanderLivanov/FotosCMS2/issues/18
Пользователь	zihe (UID 56943)
Представление	23.10.2023 08:14 (3 лет назад)
Модерация	28.10.2023 08:46 (5 days later)
Статус	принято
Запись VulDB	243802 [AlexanderLivanov FotosCMS2 до 2.4.3 Cookie profile.php Имя пользователя межсайтовый скриптинг]
Баллы	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!