WEBIGniter Cross-Site Scripting Vulnerability in User Creation Process
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in WEBIGniter version 28.7.23, specifically in the user creation process. It allows unauthenticated attackers to inject and execute malicious JavaScript code. The vulnerability arises because the 'your_name' parameter does not properly validate user input, so injected scripts are accepted.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
Reproduction
To reproduce this vulnerability, navigate to the account creation page and inject malicious JavaScript into the 'your_name' parameter. Once the account is created, the injected script will execute when the user visits the 'users' page under their profile.
Remediation
Apply input validation to the 'your_name' parameter and encode its value on output, so that user input is sanitized and cannot execute as script.
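The following sketch shows both controls together: an allow-list check when the account is created and HTML encoding when the 'users' page is rendered. It is an added example, not WEBIGniter's own code; it assumes a PHP code base, and the function names and the allowed character set are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: WEBIGniter's real controller and view code is not shown in this advisory.

/**
 * Validate 'your_name' at registration time.
 * Allow-list (an assumption): letters, combining marks, spaces, dots,
 * apostrophes and hyphens, 1 to 64 characters, starting with a letter.
 * Returns the trimmed name, or null when the input must be rejected.
 */
function validate_your_name(string $raw): ?string
{
    $name = trim($raw);
    // With /u, preg_match() returns false on invalid UTF-8, which is also rejected here.
    if (preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,63}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one row of the 'users' listing; every stored field is encoded at output. */
function render_user_row(array $user): string
{
    return '<tr><td>' . html_encode($user['your_name']) . '</td></tr>';
}

// Constructed sample inputs for the registration check.
$samples = ["Ana-María O'Neil", '<img src=x onerror=alert(1)>', ''];
foreach ($samples as $input) {
    $clean = validate_your_name($input);
    $shown = json_encode($input, JSON_UNESCAPED_UNICODE);
    echo $shown, ' => ', $clean === null ? 'rejected' : 'accepted', "\n";
}

// A row stored before validation existed (constructed) still renders as inert text.
echo render_user_row(['your_name' => '<script>alert(1)</script>']), "\n";
```

Output encoding is the control that stops the stored value from executing; the input check narrows what can be stored but does not protect rows that already exist in the database.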
