Skrol29 TbsZip Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Skrol29 TbsZip versions through 2.17. The issue arises in the RaiseError function, which builds error messages from user-controlled input and emits them to the browser without HTML output encoding. A remote attacker can therefore execute arbitrary script or HTML in a victim's browser by supplying a crafted value in the filename parameter; FileRead passes that value into the error message that RaiseError reflects back in the response.
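The following is an added example, not TbsZip's own code: a minimal reconstruction of the pattern described above, in which a file-reading helper reports failure by echoing the supplied filename, shown beside a hardened variant that encodes the message for the HTML context. The function names raiseErrorUnsafe, raiseErrorSafe and fileReadDemo are assumptions chosen to mirror the RaiseError and FileRead roles; the input value is constructed.

```php
<?php
// Added example (not TbsZip's own code). Reconstructs the error-reporting
// pattern behind the advisory and shows the fix beside it.

// Hypothetical stand-in for a RaiseError-style helper. Vulnerable pattern:
// the message is interpolated into HTML with no output encoding, so any
// markup in the message reaches the browser verbatim.
function raiseErrorUnsafe(string $msg): string {
    return "<p class=\"error\">TbsZip Error: $msg</p>";
}

// Hardened variant: encode the message for the HTML body context before
// emitting it. ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE
// prevents the function from returning an empty string on invalid UTF-8.
function raiseErrorSafe(string $msg): string {
    $encoded = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<p class=\"error\">TbsZip Error: $encoded</p>";
}

// Hypothetical stand-in for a FileRead-style helper. On failure it passes
// the caller-supplied filename straight into the error message, which is
// the path by which untrusted input reaches the reporting function.
function fileReadDemo(string $filename, callable $raise): string {
    if (!is_file($filename)) {
        return $raise("Cannot open file '$filename'");
    }
    $data = file_get_contents($filename);
    return $data === false ? $raise("Cannot read file '$filename'") : $data;
}

// Constructed input: a filename that contains HTML metacharacters, as an
// attacker-controlled query parameter might.
$untrusted = "does-not-exist<b>.txt";

// With the unsafe reporter the <b> tag is emitted into the page as markup.
echo fileReadDemo($untrusted, 'raiseErrorUnsafe'), PHP_EOL;

// With the safe reporter the same input is emitted as escaped text, so the
// browser renders it literally instead of interpreting it.
echo fileReadDemo($untrusted, 'raiseErrorSafe'), PHP_EOL;
```

The fix is applied at the output boundary rather than by filtering the filename on input: encoding at the point where the message is written into HTML covers every message path through the reporter, whereas input filtering would have to anticipate each way a value can reach it.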
Impact
Exploitation of this vulnerability allows for reflected Cross-Site Scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, send a GET request to a script that uses the TbsZip library (for example, xss.php). Include a filename parameter containing a script payload, such as an alert script, and a zip parameter with a value like 'test.zip'. RaiseError reflects the unsanitized payload back to the user's browser, which executes the injected script.
Remediation
Users can upgrade to Skrol29 TbsZip version 2.18 or later, where this vulnerability has been fixed.