arPHP 3.6.0 - Reflected XSS

Mar 24, 2022 • Mohammed Al-Barbari

This blog will be updated with more information about the vulnerability and the exploitation once the CVE is assigned.

Discovered by: Mohammed Fadhl Al-Barbari

CVE-ID : `CVE-2022-28081`

Vendor : `https://www.ar-php.org/`

Vulnerability type : `Cross-Site Scripting`

Verified on : `arPHP 3.6.0`

Description :

Cross-Site Scripting vulnerability was found in arPHP examples. The affected script takes parameters without any filtration. an attacker could execute any JS code or inject an HTML page.

POCs : `Will be avaliable soon`

Follow us:

Twitter:
Mohammed Al-Barbari

LinkedIn:
Mohammed Al-Barbari