
Reflected XSS in instagram_graph_api/paging.php via limit parameter -- 2 #13

@MaydaySun

Description


Recently, our team found a reflected cross-site scripting (XSS) vulnerability. The vulnerability logic is present in the file:

https://github.com/jstolpe/blog_code/blob/master/instagram_graph_api/paging.php#L148

The echo directly outputs the parameter $_GET['limit'] without any sanitization. This makes it susceptible to Cross-Site Scripting (XSS) attacks. As a result, attackers can exploit this vulnerability by injecting malicious HTML code via $_GET['limit']. To fix this vulnerability, we recommend that developers implement proper sanitization (e.g., htmlspecialchars()) for user input before displaying it on the webpage.
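As an added illustration (not code from the jstolpe/blog_code repository), the unsafe echo pattern the report describes alongside two defensive versions in PHP; the function names are hypothetical, and only the `limit` query parameter comes from the report:

```php
<?php
// Added example, not code from jstolpe/blog_code. Function names are
// hypothetical; only the $_GET['limit'] parameter comes from the report.
declare(strict_types=1);

// Unsafe: the raw query-string value is reflected into the HTML response.
function renderLimitUnsafe(array $query): string
{
    $limit = $query['limit'] ?? '';
    return '<p>Showing ' . $limit . ' results per page</p>';
}

// Defence 1 (what the report recommends): escape on output so any markup
// in the parameter is rendered as text rather than interpreted by the browser.
function renderLimitEscaped(array $query): string
{
    $limit = htmlspecialchars(
        (string) ($query['limit'] ?? ''),
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<p>Showing ' . $limit . ' results per page</p>';
}

// Defence 2 (stronger for this parameter): a paging limit is an integer, so
// validate it as one and clamp it to a sane range before it reaches the page.
// This does not replace output escaping elsewhere, but the echoed value here
// can then only ever be a digit string.
function parseLimit(array $query, int $default = 25, int $max = 100): int
{
    $value = filter_var(
        $query['limit'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]
    );
    return $value === false ? $default : $value;
}

function renderLimitValidated(array $query): string
{
    return '<p>Showing ' . parseLimit($query) . ' results per page</p>';
}

// Constructed sample input standing in for $_GET.
$sample = ['limit' => '10<b>x</b>'];
echo renderLimitUnsafe($sample), "\n";    // markup reaches the browser intact
echo renderLimitEscaped($sample), "\n";   // markup is entity-encoded as text
echo renderLimitValidated($sample), "\n"; // non-integer input falls back to the default
```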
