You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim's browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
Where the Issue Occured
The following code shows that the $_GET['token'] variable is reflected to the victim's browser without any input validation, leading to reflected XSS:
The Issue
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim's browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
Where the Issue Occured
The following code shows that the
$_GET['token']
variable is reflected to the victim's browser without any input validation, leading to reflected XSS:OpenCart-Overclocked/upload/admin/view/template/extension/openbay.tpl
Line 95 in d145e4c
An example payload for the token variable is given below:
"; alert(1); //
The text was updated successfully, but these errors were encountered: