A security researcher, WilyXem from Spain, has discovered a reflected cross-site scripting vulnerability in SourceForge (sourceforge.net).
SourceForge is a web-based source code repository. It acts as a centralized location for software developers to control and manage free and open source software development.
The vulnerability exists in the job-finding page of SourceForge. The developer fails to validate input coming from the text box that allows users to search jobs.
This left the text field vulnerable to attack.
The PoC code:
sourceforge.net/jobs?age=1&text=1%22%3E%3Cscript%3Ealert%28%22WilyXem%20==%20UnderC0de.org%22%29%3C/script%3E&zip=10003&submit=Search
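The following is an added illustration, not SourceForge's code (which this page does not show). It assumes the `text` parameter was reflected into the `value` attribute of the search box, which the `1">` prefix of the PoC suggests; the template and function names are hypothetical. It decodes the PoC query, renders it with and without output encoding, and parses both results to show which tags a browser would see.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# PoC URL exactly as it appears on this page.
POC_URL = ("sourceforge.net/jobs?age=1&text=1%22%3E%3Cscript%3Ealert%28%22"
           "WilyXem%20==%20UnderC0de.org%22%29%3C/script%3E&zip=10003&submit=Search")

# Hypothetical template for the job search box (assumption, not the real page).
TEMPLATE = '<input type="text" name="text" value="%s">'


def search_term(url):
    """Return the percent-decoded value of the `text` query parameter."""
    return parse_qs(urlsplit(url).query).get("text", [""])[0]


def render_vulnerable(term):
    """Reflect the term verbatim: a double quote ends the attribute early."""
    return TEMPLATE % term


def render_encoded(term):
    """Reflect the term with HTML output encoding for an attribute context."""
    return TEMPLATE % html.escape(term, quote=True)


class _TagCollector(HTMLParser):
    """Record every start tag and the attributes of the <input> element."""
    def __init__(self):
        super().__init__()
        self.tags, self.input_attrs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_attrs = dict(attrs)


def parse(markup):
    """Return (start tags seen, value attribute of the input element)."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.input_attrs.get("value")


if __name__ == "__main__":
    term = search_term(POC_URL)
    print("decoded term :", term)
    print("verbatim     :", parse(render_vulnerable(term)))
    print("encoded      :", parse(render_encoded(term)))
```

With encoding applied, the parser sees a single `input` element whose value round-trips to the exact search term, so the search feature still works while the markup stays inert.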