Security Vulnerabilities Reported


XSS vulnerability through store locator results page.

The search query is sent as a GET parameter and is not escaped within the form input, this allows code to be rendered directly from a malicious URL.

<input class="form-control" placeholder="e.g. Liverpool, L3 8JA" type="text" name="location" id="location" value="" onclick=alert(document.cookie)" id="">

Reported Fixed