DevHeads.net

Bug #76087 [NEW]: Reflected XSS via POST on /mailing-lists.php

Operating system: All
PHP version: Irrelevant
Package: Website problem
Bug Type: Bug
Bug description: Reflected XSS via POST on /mailing-lists.php

Description:
Bug: <?php echo $_POST['email']; ?>
Patch: <?php echo clean($_POST['email']); ?>

Affects php.net and secure.php.net
Tested in Firefox 58.0.2

Test script:
secure.php.net:
https://alt3r.eg0.ru/p0c5/cd12b353bf6159000c195d28da29bbd6.html
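
An added example, not part of the original report or the php.net code base, showing the output-encoding fix the report proposes. The report does not show the body of `clean()` or where the value is echoed, so the helper names `esc()`, `posted_email()` and `render_email_field()` are hypothetical, and reflection into a form field and an error message is an assumption.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the clean() call in the report: encode the value
// so it is safe in HTML text and in quoted attribute values.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read the field defensively: a missing key or a POSTed array (email[]=x)
// must not reach string functions or the output.
function posted_email(array $post): string
{
    $raw = $post['email'] ?? '';
    return is_string($raw) ? trim($raw) : '';
}

// Assumed rendering: the submitted address is reflected back into the form
// field and, when invalid, into an error message. Both sinks are encoded.
function render_email_field(array $post): string
{
    $email = posted_email($post);
    $error = '';
    // Validation rejects bad input, but encoding at output is what stops
    // the reflection; never rely on validation alone.
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $error = '<p class="error">Not a valid address: ' . esc($email) . '</p>';
    }
    return $error
        . '<input type="text" name="email" value="' . esc($email) . '">';
}

// Constructed sample inputs (not taken from the report's test script).
$samples = [
    ['email' => 'user@example.com'],
    ['email' => '"><b>markup</b>'],
    ['email' => ['unexpected', 'array']],
    [],
];

foreach ($samples as $post) {
    echo render_email_field($post), PHP_EOL;
}
```

`ENT_QUOTES` matters here because the value sits inside a quoted attribute: without it, single quotes are left unencoded.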