Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-4585: Fix XSS on home page (OBB-602216) · OpencachingDeutschland/oc-server3@c720f27

A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3. This affects an unknown part of the file htdocs/templates2/ocstyle/start.tpl of the component Cookie Handler. The manipulation of the argument usercountryCode leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is c720f2777a452186c67ef30db3679dd409556544. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216171.

CVE
Open in Source
#xss#vulnerability#git#php

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

  • Pricing

  • In this repository All GitHub

  • No suggested jump to results

  • In this repository All GitHub

  • In this organization All GitHub

  • In this repository All GitHub

Sign in

Sign up

OpencachingDeutschland / oc-server3 Public

  • Notifications
  • Fork 45
  • Star 37
  • Code
  • Pull requests 4
  • Discussions
  • Actions
  • Projects
  • Security
  • Insights

More

Permalink

Browse files

Fix XSS on home page (OBB-602216)

Do not store totaly invalid countries in cookie in the first place

  • Loading branch information

sdennler committed

Sep 4, 2022

1 parent a9f79c7 commit c720f2777a452186c67ef30db3679dd409556544

Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.

      • common.inc.php
      • start.tpl

2 htdocs/lib2/common.inc.php

Show comments View file

@@ -270,7 +270,7 @@ function set_usercountry(): void

{

global $cookie;

if (isset($_REQUEST[‘usercountry’])) {

if (preg_match('/^[a-z]{2}$/i’, $_REQUEST[‘usercountry’] ?? ‘’)) {

$cookie->set('usercountry’, $_REQUEST[‘usercountry’]);

}

}

2 htdocs/templates2/ocstyle/start.tpl

Show comments View file

@@ -127,7 +127,7 @@

<p class="content-title-noshade-size3">

<img src="resource2/{$opt.template.style}/images/misc/22x22-traditional.png" style="margin-right: 10px;"

width="22" height="22" alt=""/>

<a href="newcaches.php?country={$usercountryCode}"

<a href="newcaches.php?country={$usercountryCode|escape}"

style="color:rgb(88,144,168); text-decoration: none;">{t 1=$usercountry|escape}Newest caches in %1{/t}</a>

  <span class="content-title-link">[<a href="newcaches.php">{t}more{/t}…</a>]</span>

</p>

0 comments on commit c720f27

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE