XinLiangCoder php_api_doc Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in XinLiangCoder php_api_doc, specifically in list_method.php, prior to commit 1ce5bbf. This vulnerability allows remote attackers to execute arbitrary JavaScript in the context of the victim's browser. Exploitation involves injecting malicious code through the 'f' parameter of a GET request. The unsanitized input is directly output to the page without adequate neutralization, which could lead to session hijacking, credential theft, or malware distribution within the application context.

Impact

Successful exploitation allows for the execution of arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, credential theft, or malware distribution within the application context.

Added: Mar 20, 2026, 6:22 PM

Updated: Mar 20, 2026, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

6.9

remediation

0.0

relevance

4.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

6.9

remediation

0.0

relevance

4.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

XinLiangCoder php_api_doc Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating