TorrentFlux =93file=94 Script Insertion
Cross Site Scripting
I have discovered a vulnerability in TorrentFlux, which can be exploited by malicious users to conduct script insertion attacks.
Input passed to the =93file=94 variable is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator=92s browser session in context of an affected site when the =93Activity Log=94 is viewed. An example is attempting to login with an incorrect username or password. Where the username field of /login.php contains the arbitrary code.
The vulnerability has been confirmed in version 2.1. Other versions may also be affected.
Edit the source code to ensure that input is properly sanitised.
$output .= htmlentities($file, ENT_QUOTES);