Reflected XSS in save_rating.php

#### Summary
Reflected XSS in save_rating.php

#### Details
The POST parameter stars in the star_rating_saves/save_rating.php file is output to the page via json encoding. However, there is still a risk that dangerous characters are not fully filtered out.
https://github.com/jstolpe/blog_code/blob/master/star_rating_saves/save_rating.php#L30
star_rating_saves/save_rating.php

#### Poc
POST
stars=`<a href=javascript:alert(document.cookie)>`

![Image](https://github.com/user-attachments/assets/014765a0-3e72-4d5e-8741-280d3c2545dc)

#### Impact
XSS vulnerabilities allow attackers to execute malicious scripts in users' browsers, enabling unauthorized access to sensitive data, session hijacking, or malware distribution.

If you have any other questions, you can contact me through my email snow1nd3xf@gmail.com.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Reflected XSS in save_rating.php #11

Summary

Details

Poc

Impact

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Reflected XSS in save_rating.php #11

Description

Summary

Details

Poc

Impact

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions