CVE-2021-4310: Hotfix: XSS-Vulnerability $_SERVER['PHP_SELF'] · 01-Scripts/01-Artikelsystem@ae849b3
A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability.
Hotfix: XSS-Vulnerability $_SERVER['PHP_SELF']
https://seancoates.com/blogs/xss-woes
01-Scripts committed
Sep 15, 2021
1 parent c081ea8 commit ae849b347a58c2cb1be38d04bbe56fc883d5d84a
Showing 1 changed file with 1 addition and 1 deletion.
2 01article.php
@@ -50,7 +50,7 @@
// Variablen
$imagepf = $moduldir.$modulvz.$imagepf; // Pfad zum Bild-Verzeichnis
$tempdir = $moduldir.$modulvz.$tempdir; // Template-Verzeichnis
$filename = $_SERVER[‘PHP_SELF’]; // Variable enthält die Adresse der Datei, auf der das Artikelsystem eingebunden wurde
$filename = $_SERVER[‘SCRIPT_NAME’]; // Variable enthält die Adresse der Datei, auf der das Artikelsystem eingebunden wurde
$flag_comments_js = TRUE; // Kommentar-Feld per Default via JavaScript ausblenden?
// Language-File einbinden
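Review bot: The replaced `$filename` assignment still stores a raw `$_SERVER` value, and nothing in this hunk escapes it before use; the fix rests entirely on `SCRIPT_NAME` not carrying the client-supplied path-info suffix that `PHP_SELF` includes. Since the comment on that line says the variable holds the address of the page embedding the article system, it is presumably written into links or form targets elsewhere in 01article.php, so consider also encoding it at each output point, e.g. `htmlspecialchars($filename, ENT_QUOTES, 'UTF-8')`, so the protection does not depend on which server variable is chosen. Any embedding page that was reached with extra path info will now get self-links without it, which is worth stating in the commit message or changelog.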