Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-4310: Hotfix: XSS-Vulnerability $_SERVER['PHP_SELF'] · 01-Scripts/01-Artikelsystem@ae849b3

A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability.

CVE
#xss#vulnerability#js#git#java#php

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog
    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections
  • Pricing

  • In this repository All GitHub

  • No suggested jump to results

  • In this repository All GitHub

  • In this user All GitHub

  • In this repository All GitHub

Sign in

Sign up

01-Scripts / 01-Artikelsystem Public

  • Notifications
  • Fork 0
  • Star 0
  • Code
  • Pull requests
  • Actions
  • Security
  • Insights

More

Permalink

Browse files

Hotfix: XSS-Vulnerability $_SERVER[‘PHP_SELF’]

https://seancoates.com/blogs/xss-woes

  • Loading branch information

01-Scripts committed

Sep 15, 2021

1 parent c081ea8 commit ae849b347a58c2cb1be38d04bbe56fc883d5d84a

Showing 1 changed file with 1 addition and 1 deletion.

2 01article.php

Show comments View file

@@ -50,7 +50,7 @@

// Variablen

$imagepf = $moduldir.$modulvz.$imagepf; // Pfad zum Bild-Verzeichnis

$tempdir = $moduldir.$modulvz.$tempdir; // Template-Verzeichnis

$filename = $_SERVER[‘PHP_SELF’]; // Variable enthält die Adresse der Datei, auf der das Artikelsystem eingebunden wurde

$filename = $_SERVER[‘SCRIPT_NAME’]; // Variable enthält die Adresse der Datei, auf der das Artikelsystem eingebunden wurde

$flag_comments_js = TRUE; // Kommentar-Feld per Default via JavaScript ausblenden?

// Language-File einbinden

0 comments on commit ae849b3

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907