Opportunistic Use of htmlspecialchars() in wg7.php Leads to XSS Vulnerability

CVE-2018-19509 · MEDIUM Severity

CVSS v2 base vector: AV:N/AC:M/AU:N/C:N/I:P/A:N

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because arbitrary strings can be inserted into the database and are later rendered in the administrator's browser, attacker-controlled JavaScript can execute in the administrator's session, i.e. stored XSS.
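The weakness class this advisory describes, as an added example written for this page (hypothetical code, not Webgalamb's wg7.php; the subscriber row is constructed sample data): a rendering path that reuses htmlspecialchars() with default flags in every output context, beside one that selects the encoder by context and fails closed, which is the job a templating engine with contextual auto-escaping does.

```php
<?php
declare(strict_types=1);

// Constructed sample row: values stored by an untrusted party (e.g. a subscriber).
$row = [
    'name' => "Eve O'Neill <eve@example.org>",
    'note' => "it's a test & nothing more",
];

// Weak pattern (the advisory's class of bug): htmlspecialchars() with default
// flags, reused for every context. Before PHP 8.1 the defaults are
// ENT_COMPAT | ENT_HTML401, so a single quote passes through unchanged and
// terminates both the single-quoted attribute and the JS string literal.
function render_weak(array $row): string
{
    $name = htmlspecialchars($row['name']);
    $note = htmlspecialchars($row['note']);
    return "<td title='$name'>$name</td>\n"
         . "<script>var note = '$note';</script>\n";
}

// Hardened pattern: one encoder per output context, unknown contexts rejected.
function encode(string $value, string $context): string
{
    switch ($context) {
        case 'html': // element content
        case 'attr': // attribute value; the caller must wrap it in double quotes
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
        case 'js':   // JavaScript string literal inside <script>; JSON with HTML-safe flags
            $json = json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
                                        | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE);
            if ($json === false) {
                throw new RuntimeException('cannot encode value: ' . json_last_error_msg());
            }
            return $json; // already quoted; <, >, &, ', " and / are escaped
        default:
            throw new InvalidArgumentException("no encoder for context '$context'");
    }
}

function render_safe(array $row): string
{
    return '<td title="' . encode($row['name'], 'attr') . '">'
         . encode($row['name'], 'html') . "</td>\n"
         . '<script>var note = ' . encode($row['note'], 'js') . ";</script>\n";
}

echo "weak:\n", render_weak($row), "\nsafe:\n", render_safe($row);
```

In the weak output the quote in "O'Neill" closes the title attribute and the JS string early, and "&amp;" is shown literally inside the script; the safe output keeps every value inside its intended delimiter.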