CVE-2021-43690
Description
YurunProxy v0.01 is vulnerable to reflected XSS because unsanitized socket input is printed in an error message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
YurunProxy v0.01 is vulnerable to reflected XSS because unsanitized socket input is printed in an error message.
Vulnerability
YurunProxy v0.01 contains a reflected Cross-Site Scripting (XSS) vulnerability in src/Client.php. The exit function in src/ClientWorker.php::initResponse() prints an error message containing the value of $data['message'] without any sanitization. This value originates from socket input parsed in src/ClientParser.php::parseData() [1]. The vulnerability affects the entire v0.01 release.
Exploitation
An attacker with network access to the proxy socket can send a crafted JSON payload (e.g., a response with {"success": false, "message": ""}) that triggers the error path [1]. When the client processes this malicious response, the unsanitized message is printed via exit(), allowing JavaScript execution if the output is rendered in a browser context.
Impact
Successful exploitation leads to reflected Cross-Site Scripting (XSS), enabling an attacker to execute arbitrary JavaScript in the context of the application's output. This could be used to steal cookies, session tokens, or perform actions on behalf of the user if the output is viewed in a browser [1].
Mitigation
As of the latest reference [1], no official fix has been released. Users should avoid exposing the YurunProxy service to untrusted networks or apply input sanitization to the message field before using it in the exit function. Input validation and output encoding are recommended until a patch is issued.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- YurunProxy/YurunProxydescription
- Range: =0.01
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing output sanitization in `exit()` call allows attacker-controlled socket data to be printed as raw HTML/JavaScript."
Attack vector
An attacker who controls the socket data sent to the YurunProxy client can inject arbitrary JavaScript into the `message` field of the JSON response. When the server returns a response with `"success": false`, the `initResponse` method calls `exit('Error: ' . $data['message'])`, which prints the attacker-controlled message directly into the HTTP response without escaping. A victim viewing the output in a browser will have the injected script executed, leading to Cross-Site Scripting (XSS). [ref_id=1]
Affected code
The vulnerability is in `src/ClientWorker.php` at line 98, where the `initResponse` method calls `exit('Error: ' . $data['message'])`. The `$data['message']` value originates from `socket_read` in `src/Client.php` (line 30), passes through `src/ClientParser.php`'s `parseData` method (which decodes JSON), and is then printed unsanitized. [ref_id=1]
What the fix does
The advisory does not include a published patch. The remediation would require escaping or sanitizing the `$data['message']` value before passing it to `exit()`, or avoiding the use of user-controlled data in the `exit()` message entirely. The developer should apply output encoding appropriate for the context (e.g., `htmlspecialchars()` if the output is rendered in HTML) to prevent script injection. [ref_id=1]
Preconditions
- networkThe attacker must be able to send crafted socket data to the YurunProxy client.
- inputThe victim must view the output of the client in a browser (or other HTML-rendering context).
Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- github.com/Yurunsoft/YurunProxy/issues/3mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.