Submit #224372: FotosCMS2 cookie parameter in profile.php has an XSS vulnerability.

Title: FotosCMS2 cookie parameter in profile.php has an XSS vulnerability.
Description: On the profile.php page, line 20 will output `echo $_SESSION['username'] . ' - Профиль';`, but `$_SESSION['username']` is obtained through `if (isset($_COOKIE['username cookie'])) { $_SESSION['username'] = $_COOKIE['username cookie']; }` in the cfg.php file. `$_COOKIE['username cookie']` is something that users can manipulate and can cause XSS vulnerabilities. ![image](https://github.com/AlexanderLivanov/FotosCMS2/assets/113713406/9ad2193a-4f8b-43c2-9fc7-5a92d3f08936)
Source: https://github.com/AlexanderLivanov/FotosCMS2/issues/18
User: zihe (UID 56943)
Submission: 10/23/2023 08:14 (3 years ago)
Moderation: 10/28/2023 08:46 (5 days later)
Status: Accepted
VulDB entry: 243802 [AlexanderLivanov FotosCMS2 up to 2.4.3 Cookie profile.php Username cross site scripting]
Points: 20
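
The pattern the description reports, next to one way to harden it, as an added example that is not FotosCMS2 code or part of the submission. The function names and the username allow-list are assumptions, and the cookie key is copied as it appears in the description.

```php
<?php
// Added example, not FotosCMS2 code. Function names and the username
// allow-list are assumptions; the cookie key is copied from the report.
const COOKIE_KEY = 'username cookie';

// Reported pattern: the cookie value reaches the page without encoding.
function heading_unsafe(array $cookie): string
{
    $session = [];
    if (isset($cookie[COOKIE_KEY])) {
        $session['username'] = $cookie[COOKIE_KEY];
    }
    return ($session['username'] ?? '') . ' - Профиль';
}

// Encode for an HTML text or quoted-attribute context at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept the cookie only if it is a string matching the assumed policy.
// PHP turns "name[]=x" cookies into arrays, so the type check matters.
function username_from_cookie(array $cookie): ?string
{
    $raw = $cookie[COOKIE_KEY] ?? null;
    if (!is_string($raw) || !preg_match('/\A[\p{L}\p{N}_.-]{1,32}\z/u', $raw)) {
        return null;
    }
    return $raw;
}

function heading_safe(array $cookie): string
{
    // Encode even after validation: the allow-list may be relaxed later.
    return h(username_from_cookie($cookie) ?? '') . ' - Профиль';
}

// Constructed sample inputs (harmless markup, an array value, a normal name).
$samples = [
    [COOKIE_KEY => '<i>alice</i>'],
    [COOKIE_KEY => ['nested']],
    [COOKIE_KEY => 'alice'],
];
foreach ($samples as $cookie) {
    echo heading_safe($cookie), PHP_EOL;
}
echo heading_unsafe($samples[0]), PHP_EOL; // markup passes through unencoded
```

Output encoding at the `echo` is what closes the XSS; the allow-list is defense in depth and also rejects non-string cookie values.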
