Note: I found this vulnerable parameter while I was testing a university for vulnerabilities as an external security researcher. I reported it to them through email as well, but there has been no response since August 2024.
Vulnerable PHP File
https://github.com/ganglia/ganglia-web/blob/master/graph_all_periods.php
Vulnerable GET Parameter: 'h'
Line 16 of the graph_all_periods.php file
Root Cause:
The sanitize() function at line 353 of functions.php (https://github.com/ganglia/ganglia-web/blob/master/functions.php) is not implemented to properly handle all kinds of malicious user input.
Secure Code Suggestion:
Use the htmlspecialchars() function to safely and securely sanitize all user inputs.
PHP Secure Coding Guide:
https://www.capitalnumbers.com/blog/secure-php-applications-detailed-guide/
POC:
Payload Used:
Screenshot Proof:
CVE Request
Also, will this be assigned a CVE with the author's name?
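The following PHP is an added illustration of the fix the report suggests; it is not code from ganglia-web or from the reporter. It contrasts placing a query value into HTML unchanged with encoding it via htmlspecialchars() at the point of output, and adds an allow-list check for a host-name style parameter. The function names, the host-name pattern and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not ganglia-web's code: output encoding for a GET parameter
// such as 'h', plus an allow-list validation step as defense in depth.
declare(strict_types=1);

// Encode a value for safe placement in HTML text or a quoted attribute.
// ENT_QUOTES encodes both quote styles, ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, and the explicit charset avoids
// depending on php.ini defaults.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Allow-list check for a host-name style value: letters, digits, dots and
// hyphens only, no leading/trailing separator. The pattern is an assumption
// about what 'h' should contain, not taken from the project.
function valid_host_param(string $value): bool
{
    return (bool) preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?\z/', $value);
}

// Weak pattern: the raw query value is written into the page unchanged.
function render_unsafe(string $h): string
{
    return '<h1>Host: ' . $h . '</h1>';
}

// Hardened pattern: reject values outside the allow-list, then encode on output.
function render_safe(string $h): string
{
    if (!valid_host_param($h)) {
        return '<p>Invalid host parameter.</p>';
    }
    return '<h1>Host: ' . html_escape($h) . '</h1>';
}

// In a request handler the value would come from $_GET['h'] ?? ''.
// Here two constructed inputs are used: a legitimate host name and a string
// carrying the five characters htmlspecialchars() encodes (& < > " ').
$samples = ['web01.example.org', 'web01<"\'&>'];

foreach ($samples as $s) {
    echo "input:   {$s}\n";
    echo "unsafe:  " . render_unsafe($s) . "\n";   // markup characters pass through
    echo "escaped: " . html_escape($s) . "\n";     // &lt; &quot; &apos; &amp; &gt;
    echo "safe:    " . render_safe($s) . "\n\n";   // second sample is rejected
}
```

Running it with the PHP CLI shows that render_unsafe() emits the input verbatim, html_escape() turns every markup character into an entity, and render_safe() refuses the second sample before it reaches the page at all. Encoding at output is the essential step; the allow-list is an extra layer for parameters whose expected form is known.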