OURPHP Cross-Site Scripting Vulnerability in User Profile Feature
Vulnerability
A stored cross-site scripting (XSS) vulnerability has been identified in OURPHP versions through 8.6.1. The issue is in the 'Complete Profile' function of the 'My User Center' page: after registering through the front-end interface, a user can place a payload in the 'Name' field. The root cause is the dowith_sql function, which filters the OP_Username parameter but does not neutralize double quotes. Because a double quote is what terminates an HTML attribute value, an attacker can append an event-handler attribute (an attribute-context injection rather than a <script> tag), and the embedded JavaScript runs when an administrator views or edits the affected user profile in the backend.
Impact
Successful exploitation yields stored XSS: the injected script executes in the browser of whoever views the profile. For this issue that viewer is an administrator in the backend, so the attacker's code runs in the administrator's authenticated backend session. A self-registered, low-privileged front-end account is sufficient to plant the payload.
Remediation
To address this vulnerability, validate and sanitize the OP_Username input, in particular by rejecting or neutralizing quote characters. On its own this is fragile, however: dowith_sql is an SQL-oriented filter, and escaping for SQL is not a defense for HTML output (a backslash before a quote means nothing to an HTML parser). The actual fix is context-aware output encoding at the point where the value is rendered on backend pages, for example htmlspecialchars() with ENT_QUOTES so that both double and single quotes are encoded in attribute context. As defense in depth, a strict Content-Security-Policy header that omits 'unsafe-inline' makes browsers refuse inline event handlers even where encoding is missed.
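The following PHP is an added example and is not OURPHP code or the page's own code. sql_style_filter() is a hypothetical stand-in for the advisory's dowith_sql (it escapes backslashes and single quotes only, as SQL-oriented filters commonly do, and leaves double quotes alone); the rendering functions, the display-name rule and the CSP value are assumptions chosen to illustrate the remediation. The example assumes the name is rendered inside an HTML attribute on the backend profile page, which is consistent with the event-handler payload the advisory describes.

```php
<?php
// Added example (not OURPHP code): why an SQL-oriented filter that leaves
// double quotes alone does not stop attribute-context XSS, and what the
// context-aware fix looks like. sql_style_filter() is a hypothetical stand-in
// for the advisory's dowith_sql; the real function is not reproduced here.
declare(strict_types=1);

// Hypothetical SQL-style escaper: handles backslashes and single quotes only.
function sql_style_filter(string $value): string
{
    return str_replace(['\\', "'"], ['\\\\', "\\'"], $value);
}

// Vulnerable pattern: the SQL-filtered value is echoed straight into an
// HTML attribute on the backend profile page.
function render_name_field_unsafe(string $name): string
{
    $stored = sql_style_filter($name);
    return '<input type="text" name="OP_Username" value="' . $stored . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES makes htmlspecialchars() encode both " and '.
function render_name_field_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="OP_Username" value="' . $encoded . '">';
}

// Input-side rule (assumption: display names are limited to letters, digits,
// spaces, underscores and hyphens, at most 64 characters). Validation narrows
// the input but does not replace output encoding.
function is_valid_display_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} _-]{1,64}$/u', $name) === 1;
}

// Defence in depth: a CSP without 'unsafe-inline' makes browsers refuse
// inline event handlers such as onmouseover="...", even if encoding is missed.
function csp_header_value(): string
{
    return "default-src 'self'; script-src 'self'; object-src 'none'";
}

// Constructed payload of the event-handler kind described in the advisory.
// It contains no single quote or backslash, so the SQL-style filter passes
// it through untouched and the leading " closes the value attribute early.
$payload = '" onmouseover="alert(document.domain)" x="';

echo "Unsafe: ", render_name_field_unsafe($payload), PHP_EOL;
echo "Safe:   ", render_name_field_safe($payload), PHP_EOL;
echo "Payload passes validation: ", var_export(is_valid_display_name($payload), true), PHP_EOL;
echo "CSP: ", csp_header_value(), PHP_EOL;
```

Run it with the PHP CLI: the unsafe line shows a second attribute, onmouseover="...", spliced into the input tag, while the safe line shows every double quote rendered as &quot; so the attribute stays intact. The validation rule rejects the payload, but its job is to keep junk out of the database; the encoding in render_name_field_safe() is what protects the administrator's page regardless of what was stored.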
