GHSA-GGWQ-XC72-33R3

Vulnerability from github – Published: 2024-12-30 16:49 – Updated: 2024-12-30 18:44
Summary
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
Details

Reflected XSS at /lgsl_files/lgsl_list.php

Description:

Vulnerability: A reflected XSS vulnerability exists in the handling of the Referer HTTP header in LGSL v6.2.1. It allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When crafted malicious input is provided in the Referer header, it is echoed back into an HTML attribute in the application's response.

The vulnerable code is at lines 20-24 of lgsl_files/lgsl_list.php:

  $uri = $_SERVER['REQUEST_URI'];

  if ($lgsl_config['preloader']) {
    $uri = $_SERVER['HTTP_REFERER'];
  }

Proof of Concept:

1. Capture a request to the path /lgsl_files/lgsl_list.php.
2. Inject the following payload into the Referer header: test'><script>alert(1)</script><.
3. Send the request.
4. The XSS payload is triggered when reloading.

Impact:

Execution of Malicious Code
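
One way to close this class of bug, as an added example (not LGSL code and not the project's fix commit): accept the Referer only when it is an http(s) URL on an expected host, and HTML-encode whatever value ends up in the attribute. The names safe_uri and attr, the host example.test and the form markup are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of LGSL.

// Choose the URI to reflect. The Referer header is client-controlled, so it is
// used only when it parses as an http(s) URL on the expected host; anything
// else falls back to the request URI.
function safe_uri(array $server, bool $preloader, string $allowedHost): string
{
    $fallback = $server['REQUEST_URI'] ?? '/';
    if (!$preloader || empty($server['HTTP_REFERER'])) {
        return $fallback;
    }
    $parts = parse_url($server['HTTP_REFERER']);
    if ($parts === false
        || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)
        || strcasecmp($parts['host'] ?? '', $allowedHost) !== 0) {
        return $fallback;
    }
    return $server['HTTP_REFERER'];
}

// Encode for an HTML attribute context. ENT_QUOTES covers both quote styles,
// which matters when the attribute is delimited with single quotes.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests: the first carries the payload from the proof of
// concept, the second a same-host Referer that passes validation but still
// contains markup characters, so it relies on the output encoding.
$requests = [
    ['REQUEST_URI'  => '/lgsl_files/lgsl_list.php',
     'HTTP_REFERER' => "test'><script>alert(1)</script><"],
    ['REQUEST_URI'  => '/lgsl_files/lgsl_list.php',
     'HTTP_REFERER' => "http://example.test/?s='><script>alert(1)</script><"],
];

foreach ($requests as $server) {
    $uri = safe_uri($server, true, 'example.test');
    // Constructed markup; the real template may place $uri elsewhere.
    echo "<form method='post' action='" . attr($uri) . "'>\n";
}
```

Validation alone is not sufficient, because the request URI and a same-host Referer can both carry quote and angle-bracket characters; the encoding at the point of output is what keeps the value inside the attribute.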


{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "tltneon/lgsl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "6.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-56517"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-30T16:49:28Z",
    "nvd_published_at": "2024-12-30T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "# Reflected XSS at /lgsl_files/lgsl_list.php\n\n\n**Description:**\n\nVulnerability: A reflected XSS vulnerability exists in the `Referer` HTTP header of [LGSL v6.2.1](https://github.com/tltneon/lgsl/releases/tag/v6.2.1). The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization.\nWhen crafted malicious input is provided in the `Referer` header, it is echoed back into an HTML attribute in the application\u2019s response.\n\n\nThe vulnerability is present at [Line 20-24](https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24)\n```php\n  $uri = $_SERVER[\u0027REQUEST_URI\u0027];\n\n  if ($lgsl_config[\u0027preloader\u0027]) {\n    $uri = $_SERVER[\u0027HTTP_REFERER\u0027];\n  }\n```\n\n**Proof of Concept:**\n1. Capture a request to the path `/lgsl_files/lgsl_list.php`.\n2. Inject the following payload into the Referer header: `test\u0027\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c`.\n3. Send the request.\n4. The XSS payload is triggered when reloading.\n![image](https://github.com/user-attachments/assets/467a6c60-db45-4520-9918-59dff819b384)\n![image](https://github.com/user-attachments/assets/c537c59e-38c2-47f0-97d8-54ee1b2018b8)\n\n\n\n**Impact:**\n\nExecution of Malicious Code\n\n",
  "id": "GHSA-ggwq-xc72-33r3",
  "modified": "2024-12-30T18:44:58Z",
  "published": "2024-12-30T16:49:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-ggwq-xc72-33r3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56517"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tltneon/lgsl/commit/7ecb839df9358d21f64cdbff5b2536af25a77de1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tltneon/lgsl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "LGSL has a reflected XSS at /lgsl_files/lgsl_list.php"
}

