Langleyfcu Online Banking System Cross-Site Scripting Vulnerability in Error Message Handler

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Langley Federal Credit Union (FCU) Online Banking System, in versions prior to commit 57437e6400ce0ae240e692c24e6346b8d0c17d7a. The issue is in the Error Message Handler component, in the file 'connection_error.php'. It can be exploited remotely by manipulating the 'error' argument, which leads to the execution of arbitrary scripts. This vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, log into the Langley FCU Online Banking System and navigate to 'connection_error.php'. Once there, the 'error' parameter can be manipulated to include a script payload, such as a JavaScript alert. This will trigger the execution of the injected script, demonstrating the cross-site scripting vulnerability.
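A defensive pattern for an error handler of this kind, as an added example and not the project's own code (the page does not show 'connection_error.php' or the contents of the fix commit). The function names, error keys and messages are hypothetical, and PHP 8 is assumed:

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the handler shows only messages it owns,
// looked up by a short key, never text taken from the request.
const ERROR_MESSAGES = [
    'timeout'     => 'The connection timed out. Please try again.',
    'unavailable' => 'Online banking is temporarily unavailable.',
];

/** Output encoding for HTML text nodes and quoted attribute values. */
function escape_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Build the HTML fragment for the 'error' request parameter.
 * Unknown keys, arrays (?error[]=x) and missing values fall back to a
 * generic message, so request-controlled text is never echoed.
 */
function render_connection_error(mixed $error): string
{
    $key = is_string($error) ? $error : '';
    $message = array_key_exists($key, ERROR_MESSAGES)
        ? ERROR_MESSAGES[$key]
        : 'An unexpected error occurred.';
    return '<p class="error">' . escape_html($message) . '</p>';
}

// Constructed sample inputs, including a script-tag value of the kind the
// Reproduction section describes. In the page itself the argument would be
// $_GET['error'] ?? null.
$samples = ['timeout', '<script>alert(1)</script>', ['nested'], null];
foreach ($samples as $sample) {
    $html = render_connection_error($sample);
    if (str_contains($html, '<script')) {
        throw new RuntimeException('request-controlled markup reached the output');
    }
    echo $html, PHP_EOL;
}

// If request-derived text must be displayed, encode it at the point of output:
// the browser then renders the markup characters as literal text.
echo '<p class="error">', escape_html('<script>alert(1)</script>'), '</p>', PHP_EOL;
```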

Added: Sep 29, 2025, 12:18 AM
Updated: Sep 29, 2025, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 7.9
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.