Security Vulnerability: Reflected XSS in 'query' GET Parameter

Summary

A reflected Cross-Site Scripting (XSS) vulnerability has been identified. The query parameter from GET requests is not being properly sanitized before being rendered in the HTML response, allowing an attacker to execute malicious scripts in a user's browser.

Vulnerability Details

The root cause is that the value of the query GET parameter is embedded directly into the HTML response without any output encoding or sanitization. An attacker can therefore craft a URL that injects arbitrary JavaScript, which executes in the victim's browser when the response is rendered.

Recommended Fix

To mitigate this vulnerability, implement context-aware output encoding. The user-supplied input from the query parameter must be treated as plain text and never be executed as code.

Please apply the following PHP function to the parameter before it is rendered in the HTML:

```php
// Encode the parameter for the HTML context before it is echoed into the page.
echo htmlspecialchars($_GET['query'] ?? '', ENT_QUOTES, 'UTF-8');
```

This will ensure all special characters are converted to their corresponding HTML entities, preventing script execution.
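The following is an added example (not code from the original report or the affected project) that places the vulnerable rendering beside the hardened form described above. The function names `escapeHtml`, `renderVulnerable` and `renderSafe` and the sample input are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for the HTML body or a quoted attribute.
// ENT_QUOTES encodes both " and ', so the result is safe inside
// double- or single-quoted attributes as well as in element text.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering (the behaviour this report describes):
// the raw parameter is concatenated straight into the markup.
function renderVulnerable(string $query): string
{
    return '<p>Results for: ' . $query . '</p>'
         . '<input type="text" name="query" value="' . $query . '">';
}

// Hardened rendering: every interpolation point is encoded for the
// HTML context it lands in (element text and a quoted attribute here).
// A value placed inside a <script> block would need a different
// encoder, e.g. json_encode() with JSON_HEX_TAG | JSON_HEX_AMP.
function renderSafe(string $query): string
{
    $safe = escapeHtml($query);
    return '<p>Results for: ' . $safe . '</p>'
         . '<input type="text" name="query" value="' . $safe . '">';
}

// Constructed sample input containing every character that
// htmlspecialchars() rewrites: < > & " '
$sample = '<b>O\'Reilly & "friends"</b>';

echo "Vulnerable:\n", renderVulnerable($sample), "\n\n";
echo "Hardened:\n", renderSafe($sample), "\n";

// In the real request handler the call would be:
// echo renderSafe($_GET['query'] ?? '');
```

In the hardened output the quotes and angle brackets appear as `&quot;`, `&#039;`, `&lt;` and `&gt;`, so the attribute boundary cannot be broken and no new element is created.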
