Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nZ3dxLXhjNzItMzNyM84ABC1A

LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgsl_files/lgsl_list.php

Description:

Vulnerability: A reflected XSS vulnerability exists in the handling of the Referer HTTP header in LGSL v6.2.1. The header value is reflected into an HTML attribute in the application's response without output encoding, so an attacker who controls it can inject arbitrary JavaScript that runs in the victim's browser.
When crafted input is supplied in the Referer header, it is echoed back verbatim into an HTML attribute in the response, and a single quote in the input is enough to close that attribute and start a new tag.

The vulnerable code is at lines 20-24 of lgsl_files/lgsl_list.php:

  // Default: the request URI, which the application later writes into an HTML attribute.
  $uri = $_SERVER['REQUEST_URI'];

  // With the preloader enabled, the attacker-influenced Referer header replaces $uri.
  // Nothing validates or encodes it before it reaches the attribute.
  if ($lgsl_config['preloader']) {
    $uri = $_SERVER['HTTP_REFERER'];
  }

Proof of Concept:

  1. Capture a request to the path /lgsl_files/lgsl_list.php.
  2. Set the Referer header to the following payload: test'><script>alert(1)</script><
  3. Send the request.
  4. The injected script executes when the page is reloaded with the modified request.
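The data flow the advisory describes, reproduced as a stand-alone added example next to a hardened version. This is not LGSL's code and not part of the advisory: the attribute context (a single-quoted form action), the function names and the host name are assumptions; the PoC payload is the advisory's.

```php
<?php
// Added example, not code from LGSL or the advisory. It reproduces the
// pattern the advisory describes (Referer header -> $uri -> HTML attribute,
// unescaped) beside a hardened version. The attribute context (a single-quoted
// form action), the function names and the host name are assumptions.

declare(strict_types=1);

// Vulnerable pattern as described: with the preloader enabled, $uri is
// replaced by the Referer header and written verbatim into an attribute.
function lgsl_list_action_vulnerable(array $server, array $config): string
{
    $uri = $server['REQUEST_URI'];
    if ($config['preloader']) {
        $uri = $server['HTTP_REFERER'];
    }
    return "<form method='post' action='{$uri}'>";
}

// Hardened version: treat the Referer as untrusted input, keep only a
// relative path (plus query) or one on the same host, and always HTML-encode
// before it lands in an attribute. ENT_QUOTES is what neutralises the single
// quote the PoC payload uses to break out of the attribute.
function lgsl_list_action_safe(array $server, array $config): string
{
    $uri = $server['REQUEST_URI'];

    if (!empty($config['preloader']) && isset($server['HTTP_REFERER'])) {
        $ref  = parse_url($server['HTTP_REFERER']);
        // Compare against the request's own host, ignoring any :port suffix.
        $host = strtolower(explode(':', $server['HTTP_HOST'] ?? '', 2)[0]);

        $acceptable = is_array($ref)
            && isset($ref['path'])
            && (isset($ref['host'])
                ? strtolower($ref['host']) === $host   // absolute URL: same host only
                : !isset($ref['scheme']));             // relative URL: no scheme allowed

        if ($acceptable) {
            $uri = $ref['path'] . (isset($ref['query']) ? '?' . $ref['query'] : '');
        }
    }

    // Output encoding is the actual fix; validation above only narrows the input.
    $escaped = htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<form method='post' action='{$escaped}'>";
}

// Constructed request carrying the advisory's PoC payload in the Referer header.
$server = [
    'REQUEST_URI'  => '/lgsl_files/lgsl_list.php',
    'HTTP_HOST'    => 'lgsl.example',                    // assumed host
    'HTTP_REFERER' => "test'><script>alert(1)</script><", // advisory's payload
];
$config = ['preloader' => true];

echo lgsl_list_action_vulnerable($server, $config), PHP_EOL;
echo lgsl_list_action_safe($server, $config), PHP_EOL;
```

Run with the PHP CLI: the first line of output contains the payload's script tag intact, because the quote closes the action attribute; the second contains only entity-encoded text inside the attribute (htmlspecialchars turns ', < and > into their entities), so no tag is created. Two caveats a practitioner will want. First, validating the Referer is defence in depth only; encoding at the point of output is the fix that removes the bug, and it must use ENT_QUOTES when the attribute is single-quoted. Second, the PoC edits the header in a captured request; in a real attack the Referer is set by the victim's browser from the URL of the referring page, so remote exploitation depends on getting those metacharacters into that URL intact. The weakness is the same either way: a request header is trusted and written to the page unencoded.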

Impact:

Execution of attacker-supplied JavaScript in the victim's browser, in the context of the LGSL site.

Permalink: https://github.com/advisories/GHSA-ggwq-xc72-33r3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZ3dxLXhjNzItMzNyM84ABC1A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 days ago
Updated: 9 days ago


EPSS Percentage: 0.00045
EPSS Percentile: 0.17541

Identifiers: GHSA-ggwq-xc72-33r3, CVE-2024-56517
References: Repository: https://github.com/tltneon/lgsl
Blast Radius: 1.0

Affected Packages

packagist:tltneon/lgsl
Dependent packages: 0
Dependent repositories: 0
Downloads: 245 total
Affected Version Ranges: <= 6.2.1
No known fixed version
All affected versions: 5.10.0, 5.10.1, 5.10.2, 5.10.3, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 6.2.1