CVE-2011-5040

MEDIUM 4.3 / 10.0
Published: December 30, 2011 at 07:55 PM
Modified: April 11, 2025 at 12:51 AM
Source: cve@mitre.org

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.

CVSS Metrics

Base Score
4.3
Severity
MEDIUM
Vector String
AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses (CWE)

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Infoproject Biznis Heroj is vulnerable to multiple cross-site scripting (XSS) flaws that allow attackers to inject malicious script into web pages viewed by users. Successful exploitation could lead to account compromise, data theft, or browser redirection to malicious websites. The vulnerability affects two specific PHP files within the application, so the exposed surface is limited to those two scripts.

02 // Vulnerability Mechanism

Step 1 (Payload Delivery): The attacker crafts a malicious URL containing a specially crafted config parameter. This parameter includes the XSS payload (e.g., <script>alert('XSS')</script>).
Step 2 (Request Submission): The attacker sends the malicious URL to a target user, often through phishing, social engineering, or by embedding it in a website or email.
Step 3 (Server Processing): The vulnerable nalozi_naslov.php or widget.dokumenti_lista.php script receives the request and retrieves the value of the config parameter.
Step 4 (Unsanitized Output): The script directly incorporates the attacker-controlled config parameter's value into the HTML response without proper sanitization or encoding.
Step 5 (Browser Execution): The victim's browser receives the HTML response, which now includes the attacker's malicious JavaScript code. The browser executes that JavaScript, completing the XSS attack.

03 // Deep Technical Analysis

The vulnerability stems from insufficient input validation and output encoding of the config parameter in nalozi_naslov.php and widget.dokumenti_lista.php. The application fails to sanitize or encode user-supplied input before incorporating it into the HTML response, so attackers can inject arbitrary HTML and JavaScript that the victim's browser then executes. Specifically, the application likely embeds the config parameter's value directly into the HTML without escaping characters such as <, >, and " (HTML entity encoding), which lets an attacker place JavaScript inside <script> tags or in HTML attributes such as onclick or href.
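The following PHP is an added illustration of the bug class described above and of the fix the analysis points to (context-specific output encoding); it is not code from Biznis Heroj, and the markup, function names and allowlist are invented for the example. It shows the unsafe concatenation pattern next to a hardened version that encodes the same config value for an element body, for an attribute, and for a URL query string.

```php
<?php
// Added example (not the vendor's code): a hypothetical page that reflects a
// "config" query parameter into its HTML, shown in vulnerable and hardened form.
declare(strict_types=1);

// Vulnerable pattern: the raw parameter is concatenated straight into markup,
// so any <, >, " or ' in it becomes part of the document structure.
function render_title_vulnerable(string $config): string
{
    return '<h1 class="naslov">' . $config . '</h1>';
}

// HTML encoder for element bodies and double-quoted attributes.
// ENT_QUOTES encodes both quote characters, ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string, and the explicit charset must
// match the page's declared encoding.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened element-body context.
function render_title_safe(string $config): string
{
    return '<h1 class="naslov">' . h($config) . '</h1>';
}

// Hardened attribute context: the value is URL-encoded for the query string
// and then HTML-encoded for the attribute; the attribute is always quoted,
// because an unquoted attribute can be terminated by a single space.
function render_link_safe(string $config): string
{
    $query = rawurlencode($config);
    return '<a href="?config=' . h($query) . '">' . h($config) . '</a>';
}

// If "config" is meant to select one of a fixed set of views (an assumption;
// the CVE record does not document the parameter's semantics), rejecting
// anything outside an allowlist avoids trusting the value at all.
function select_config(string $config, array $allowed): ?string
{
    return in_array($config, $allowed, true) ? $config : null;
}

// Constructed probe string, the same harmless marker the analysis uses.
$probe = "<script>alert('XSS')</script>";

echo "vulnerable: " . render_title_vulnerable($probe) . "\n";
echo "safe:       " . render_title_safe($probe) . "\n";
echo "link:       " . render_link_safe($probe) . "\n";
var_dump(select_config($probe, ['default', 'compact']));   // NULL: rejected
var_dump(select_config('compact', ['default', 'compact'])); // "compact"
```

Running the script shows the vulnerable line emitting a live <script> element while the safe lines emit only entity-encoded text; for detection, a web-server access log filtered for requests to the two affected scripts whose config value contains <, >, or quote characters (raw or URL-encoded) is the simplest signal that someone is probing this parameter.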

CVE-2011-5040 - MEDIUM Severity (4.3) | Free CVE Database | 4nuxd