I think this might have an XSS vulnerability; need to sanitize the user input.
https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php
PHP's FILTER_SANITIZE_EMAIL should probably take care of the worst.
Anything else can just hard fail.
Just to be explicit; tested successfully blocking:
index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E
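An added example of the approach proposed in the thread (this is not the id.ly project's own code): treat the `m` query parameter as an e-mail address, reject it outright when `FILTER_SANITIZE_EMAIL` would strip anything or `FILTER_VALIDATE_EMAIL` does not accept it, and escape the accepted value with `htmlspecialchars` at output time, since sanitizing input alone is not an HTML-context defence. The function names `emailParam` and `h`, and the constructed request values, are assumptions for illustration.

```php
<?php
// Added example, not the id.ly project's code. Function and parameter
// names are assumptions; the request values below are constructed.

declare(strict_types=1);

/**
 * Return a validated e-mail address taken from $params['m'], or null when
 * the value is missing, contains anything FILTER_SANITIZE_EMAIL would strip,
 * or does not parse as an e-mail address. Callers hard-fail on null.
 */
function emailParam(array $params): ?string
{
    if (!isset($params['m']) || !is_string($params['m'])) {
        return null;
    }
    $raw = $params['m'];

    // Sanitizing strips characters that cannot appear in an address. If that
    // changed the input, something other than an address was sent; reject it
    // instead of silently using the stripped remainder.
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    if ($sanitized !== $raw) {
        return null;
    }

    // Validation rejects values that are not syntactically an address.
    $valid = filter_var($sanitized, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/**
 * Escape a value for insertion into an HTML body or quoted attribute.
 * This is the step that actually prevents markup injection on output.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed requests: the decoded payload from the thread and a normal address.
$cases = [
    ['m' => '<script>alert("helloworld");</script>'],
    ['m' => 'alice@example.org'],
];

foreach ($cases as $query) {
    $email = emailParam($query);
    if ($email === null) {
        // Hard fail: no partial or stripped value reaches the page.
        echo "400 Bad Request (rejected: " . h($query['m']) . ")\n";
        continue;
    }
    echo "<p>Identity: " . h($email) . "</p>\n";
}
```

Run with `php example.php`; the first case is rejected because sanitizing changes it, the second is accepted and printed escaped. In the real handler the rejection branch would also call `http_response_code(400)` before exiting.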