Wangchenyi1996 Chat Forum Cross-Site Scripting Vulnerability in Q.php
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the Wangchenyi1996 Chat Forum application, in the file Q.php, affecting all versions up to commit 80bdb92f5b460d36cab36e530a2c618acef5afd2. The value of the 'path' parameter is written into the generated page without sanitization or output encoding, so an attacker who controls that parameter can inject markup that the victim's browser then executes as script. The issue can be triggered remotely but requires user interaction, for example following a crafted link.
Impact
Successful exploitation results in cross-site scripting: an attacker can inject a script that runs in the victim's browser in the security context of the affected site, with whatever session state the victim holds there.
Reproduction
To reproduce, send a request to Q.php with the 'path' parameter set to a directory the application can read and the 'num' parameter set to the number of images to process. The application builds a response that references those images, but it inserts the value of 'path' into the output without sanitizing or encoding it; a value containing HTML metacharacters (a double quote, angle brackets) therefore breaks out of the surrounding markup and allows attacker-supplied HTML, and thus script, to be injected into the response.
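The following is an added illustration and is not the Chat Forum's own Q.php: it reconstructs the pattern the advisory describes (a page that takes 'path' and 'num' and emits one image reference per requested image), first with 'path' reflected unescaped, then in a hardened form. The parameter names come from the advisory; the HTML layout, the image-root directory, the filename scheme and the 'x" onerror="...' payload are assumptions made for the example.

```php
<?php
// Added example, not the project's code. Reconstruction of the pattern described
// in the advisory: 'path' and 'num' drive a loop that emits <img> tags.
// Assumed: the image root directory, the "<n>.jpg" filename scheme, the payload.

// Vulnerable form: 'path' is concatenated straight into an attribute value, so a
// value such as   x" onerror="alert(document.domain)   closes the src attribute
// and adds an event handler that the victim's browser runs.
function render_gallery_vulnerable(string $path, int $num): string
{
    $html = '';
    for ($i = 1; $i <= $num; $i++) {
        $html .= '<img src="' . $path . '/' . $i . '.jpg">' . "\n";
    }
    return $html;
}

// Hardened form:
//  1. accept only a plain directory name (no slashes, quotes or angle brackets),
//  2. resolve it under $imageRoot with realpath() so it cannot point outside
//     the intended tree even via a symlink (defence in depth over the regex),
//  3. cap 'num' so the loop cannot be used to produce huge responses,
//  4. HTML-encode every interpolated value regardless of step 1.
function render_gallery_hardened(string $imageRoot, string $path, int $num): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $path)) {
        throw new InvalidArgumentException('invalid path parameter');
    }
    $root = realpath($imageRoot);
    $dir  = realpath($imageRoot . DIRECTORY_SEPARATOR . $path);
    if ($root === false || $dir === false
        || strncmp($dir, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new InvalidArgumentException('path is outside the image root');
    }
    $num = max(0, min($num, 100));

    $html = '';
    for ($i = 1; $i <= $num; $i++) {
        $src = htmlspecialchars($path . '/' . $i . '.jpg', ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $html .= '<img src="' . $src . '">' . "\n";
    }
    return $html;
}

// Stand-alone demonstration (run with: php q_example.php). Uses a constructed
// payload and a temporary image root created just for the run.
if (PHP_SAPI === 'cli') {
    $payload = 'x" onerror="alert(document.domain)';   // constructed attacker input
    echo "vulnerable output:\n", render_gallery_vulnerable($payload, 1);

    $root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'qphp_demo_' . getmypid();
    mkdir($root . DIRECTORY_SEPARATOR . 'gallery', 0700, true);

    echo "hardened output for a valid directory:\n",
         render_gallery_hardened($root, 'gallery', 2);
    try {
        render_gallery_hardened($root, $payload, 1);
    } catch (InvalidArgumentException $e) {
        echo "hardened output for the payload: rejected (", $e->getMessage(), ")\n";
    }

    rmdir($root . DIRECTORY_SEPARATOR . 'gallery');
    rmdir($root);
}
```

To confirm the behaviour against a live instance, request Q.php with 'path' set to a value containing a double quote and 'num' set to 1, and inspect the raw response body: if the quote comes back unencoded inside the generated markup, the reflection is exploitable; a fixed version either rejects the value or returns it as `&quot;`.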
