Open
Description
A Cross-Site Scripting (XSS) vulnerability exists in s.php of the pkgdoc GitHub repository. The s parameter is improperly sanitized before being embedded in the HTML output. An attacker can exploit this vulnerability by tricking users into visiting a crafted URL containing malicious JavaScript, which will be executed in the victim’s browser. This can lead to unauthorized access to sensitive information, session hijacking, or content manipulation.
Example proof-of-concept: [DOMAIN]/s.php?s=<script>alert('XSS')</script>
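The usual fix for the reflected XSS reported above is to encode the `s` value for each output context. The sketch below is an added example, not pkgdoc's actual `s.php`: the page markup and the helper names `h()` and `render_search()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a search page that reflects ?s= into its output.
// Not pkgdoc's actual s.php; the markup and helper names are assumptions.

/** Encode untrusted text for HTML element content and quoted attribute values. */
function h(string $text): string
{
    // ENT_QUOTES encodes both ' and " so the value cannot break out of an attribute;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the page for a raw query value. */
function render_search($raw): string
{
    // ?s[]=x arrives as an array; treat anything that is not a string as empty.
    $query = is_string($raw) ? $raw : '';

    // Vulnerable pattern the issue describes (do not use):
    //   return "<h1>Results for $query</h1>";

    return '<h1>Results for ' . h($query) . '</h1>'
        . '<form action="s.php" method="get">'
        . '<input type="text" name="s" value="' . h($query) . '">'
        . '</form>'
        // URL context: percent-encode first, then HTML-encode for the attribute.
        . '<a href="s.php?s=' . h(rawurlencode($query)) . '">Permalink</a>';
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
    // Defence in depth: inline scripts are blocked even if an encoding call is missed.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    echo render_search($_GET['s'] ?? '');
} else {
    // Constructed sample input: the payload from the report, run from the CLI.
    echo render_search("<script>alert('XSS')</script>"), PHP_EOL;
}
```

Run from the command line, the script prints the page with the reported payload rendered as inert text rather than markup.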