CVE-2017-6538

Name of the Vulnerable Software and Affected Versions webpagetest version 3.0

Description A Cross-Site Scripting (XSS) issue exists due to insufficient filtration of user-supplied data, specifically video data, passed to the "webpagetest-master/www/speedindex/index.php" URL. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For webpagetest version 3.0, consider disabling the affected index.php page or restricting access to it until a proper fix is applied, and ensure proper filtration of user-supplied data to prevent arbitrary code execution.