Details
Description
Marcino,
I believe we fixed this for password request, but it seems that we missed this one for when a user change its password.
As we are passing the key as a get parameter and then we print that, it is possible for an attacker to embed some XSS:
http://localhost:8080/lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E
Can you please change the logic of this or sanitize the variable before displaying it on the page?
Credit goes to Nikola Kojic from RAS-IT company for reporting this.
I believe we fixed this for password request, but it seems that we missed this one for when a user change its password.
As we are passing the key as a get parameter and then we print that, it is possible for an attacker to embed some XSS:
http://localhost:8080/lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E
Can you please change the logic of this or sanitize the variable before displaying it on the page?
Credit goes to Nikola Kojic from RAS-IT company for reporting this.