GHSA-ggwq-xc72-33r3

Source
https://github.com/advisories/GHSA-ggwq-xc72-33r3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ggwq-xc72-33r3
Aliases
Published
2024-12-30T16:49:28Z
Modified
2024-12-30T18:53:37.039895Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
Details

Reflected XSS at /lgsl_files/lgsl_list.php

Description:

Vulnerability: LGSL v6.2.1 has a reflected XSS vulnerability in its handling of the Referer HTTP header. An attacker can inject arbitrary JavaScript, which is reflected in the HTML response without proper sanitization: crafted input supplied in the Referer header is echoed back into an HTML attribute in the application's response.

The vulnerable code is at lines 20-24:

  $uri = $_SERVER['REQUEST_URI'];

  if ($lgsl_config['preloader']) {
    $uri = $_SERVER['HTTP_REFERER'];
  }

Proof of Concept:

1. Capture a request to the path /lgsl_files/lgsl_list.php.
2. Inject the following payload into the Referer header: test'><script>alert(1)</script><.
3. Send the request.
4. The XSS payload is triggered when reloading.

Impact:

Execution of Malicious Code
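
One way to harden the lines shown above, as an added example that is not LGSL's code or its upstream fix: the Referer is accepted only when it parses to the request's own host, and whichever value is chosen is escaped with ENT_QUOTES before it reaches the attribute. The function name, the `<form action>` sink and the `game.example` inputs are assumptions made for illustration.

```php
<?php
// Added example, not LGSL code. example_attr_uri() is a hypothetical helper.
// $server stands in for $_SERVER, $preloader for $lgsl_config['preloader'].
function example_attr_uri(array $server, bool $preloader): string
{
    $uri = $server['REQUEST_URI'] ?? '/';

    if ($preloader && isset($server['HTTP_REFERER'])) {
        $ref  = parse_url($server['HTTP_REFERER']);
        // Host the client addressed, with any ":port" suffix stripped.
        $host = strtolower(explode(':', $server['HTTP_HOST'] ?? '')[0]);

        // Use the Referer only if it parses and names this host;
        // anything else falls back to REQUEST_URI.
        if (is_array($ref) && isset($ref['host'], $ref['path'])
            && $host !== '' && strtolower($ref['host']) === $host) {
            $uri = $ref['path'] . (isset($ref['query']) ? '?' . $ref['query'] : '');
        }
    }

    // Output encoding is what closes the hole. ENT_QUOTES escapes both ' and ",
    // so the value cannot terminate the attribute whichever quote the template
    // uses. (Before PHP 8.1 the default flags left single quotes unescaped.)
    return htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed Referer values: the payload from the proof of concept, a
// same-host URL carrying the same markup in its query, and a benign URL.
$referers = [
    "test'><script>alert(1)</script><",
    "http://game.example/lgsl_files/lgsl_list.php?s='><script>alert(1)</script>",
    "http://game.example/lgsl_files/lgsl_list.php?s=2",
];

foreach ($referers as $referer) {
    $server = [
        'REQUEST_URI'  => '/lgsl_files/lgsl_list.php',
        'HTTP_HOST'    => 'game.example',
        'HTTP_REFERER' => $referer,
    ];
    // Assumed sink: a single-quoted attribute, which is what the payload targets.
    echo "<form method='post' action='" . example_attr_uri($server, true) . "'>\n";
}
```

The second constructed value passes the host check and still carries markup, which is why the escaping step cannot be replaced by validation alone.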

Database specific
{
    "nvd_published_at": "2024-12-30T17:15:09Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-30T16:49:28Z"
}
References

Affected packages

Packagist / tltneon/lgsl

Package

Name
tltneon/lgsl
Purl
pkg:composer/tltneon/lgsl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
6.2.1

Affected versions

v5.*

v5.10.0
v5.10.1
v5.10.2
v5.10.3

v6.*

v6.0.0
v6.0.1
v6.1.0
v6.1.1
v6.2.0
v6.2.1