XSS vulnerability_1

[xjzzzxx]

Hello,

I would like to report for a xss vulnerability in openflights.

The path of the vulnerability.

In file https://github.com/jpatokal/openflights/blob/master/php/settings.php

$type = $_POST["type"];		//Line 6
...
die("0;" . sprintf(_("Unknown action %s"), $type));		//Line 60

We see that there is no check between the input $_POST["type"] and the output(Line 60)

Thus the XSS will happen at die("0;" . sprintf(_("Unknown action %s"), $type));

Poc:

POST type=<script>alert('xss')</script>

Manual verification:

[ouuan]

It seems that the maintainers don't care much about security:

Only the most critical two are silently fixed.

[ouuan]

Have you tried reaching out to the maintainers in private? It's generally best to avoid publicly disclosing security vulnerabilities initially. Instead, we should report them privately and give the maintainers a chance to respond and address the issues. If they don't respond or fail to coordinate on fixing the problems, then full disclosure might be considered. However, since I have already attempted this, public disclosure is probably acceptable now.

[ouuan]

@xjzzzxx Well, I just checked your profile and saw a bunch of public issues about security vulnerabilities. I guess you should take a look at how responsible disclosure works.