
GHSA-ggwq-xc72-33r3: LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgsl_files/lgsl_list.php

Description:

Vulnerability: LGSL v6.2.1 has a reflected XSS vulnerability in its handling of the Referer HTTP header. An attacker can inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. A crafted value supplied in the Referer header is echoed back into an HTML attribute in the application's response.

The vulnerable code is at lines 20-24:

  $uri = $_SERVER['REQUEST_URI'];

  if ($lgsl_config['preloader']) {
    $uri = $_SERVER['HTTP_REFERER'];
  }

Proof of Concept:

  1. Capture a request to the path /lgsl_files/lgsl_list.php.
  2. Inject the following payload into the Referer header: test'><script>alert(1)</script><.
  3. Send the request.
  4. The XSS payload is triggered when reloading.

Impact:

Execution of Malicious Code
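
The pattern described above next to a hardened form, as an added example that is not LGSL code and not the project's fix. The `<a href='...'>` sink, the function names and `$siteHost` are assumptions, since the advisory only says the value lands in an HTML attribute.

```php
<?php
// Added example, not LGSL code. The <a href='...'> sink, function names and
// $siteHost are assumptions; the advisory only says "an HTML attribute".

// Vulnerable pattern: the header value is concatenated into the attribute as-is.
function render_unsafe(array $server, bool $preloader): string {
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($preloader) { $uri = $server['HTTP_REFERER'] ?? ''; }
    return "<a href='" . $uri . "'>reload</a>";
}

// Hardened, step 1: use the Referer only when it is an http(s) URL on our own host.
function pick_uri(array $server, bool $preloader, string $siteHost): string {
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($preloader && isset($server['HTTP_REFERER'])) {
        $parts = parse_url($server['HTTP_REFERER']);
        if (is_array($parts)
            && in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)
            && strcasecmp($parts['host'] ?? '', $siteHost) === 0) {
            $uri = $server['HTTP_REFERER'];
        }
    }
    return $uri;
}

// Hardened, step 2: encode for the attribute context. ENT_QUOTES covers both
// quote styles, so the value cannot close a single-quoted attribute either.
function render_safe(array $server, bool $preloader, string $siteHost): string {
    $uri = htmlspecialchars(pick_uri($server, $preloader, $siteHost),
                            ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<a href='" . $uri . "'>reload</a>";
}

// Constructed requests: the advisory's payload, and a same-host Referer that
// still carries a quote and markup in its query string.
$base = ['REQUEST_URI' => '/lgsl_files/lgsl_list.php'];
$cases = [
    "test'><script>alert(1)</script><",
    "http://example.test/list?q='><script>alert(1)</script>",
];
foreach ($cases as $referer) {
    $server = $base + ['HTTP_REFERER' => $referer];
    echo "unsafe: ", render_unsafe($server, true), "\n";
    echo "safe:   ", render_safe($server, true, 'example.test'), "\n";
}
```

Before PHP 8.1 the default flags of `htmlspecialchars()` did not encode single quotes, so passing `ENT_QUOTES` explicitly matters for single-quoted attributes on older runtimes.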

CVE-2024-56517

Moderate severity GitHub Reviewed Published Dec 30, 2024 in tltneon/lgsl • Updated Dec 30, 2024

Package

Affected versions: <= 6.2.1


References

  • GHSA-ggwq-xc72-33r3
  • tltneon/lgsl@7ecb839

Published to the GitHub Advisory Database: Dec 30, 2024

Last updated: Dec 30, 2024
