Security Vulnerabilities Reported


XSS vulnerability through search results page.

The search query is sent as a GET parameter and although escaped correctly in the HTML form, it is not escaped within a block of JavaScript. This allows code to be rendered directly from a malicious URL.

 var pageOptions = {
          'pubId' : 'pub-8303766899021786',
          'query' : ''};alert(document.cookie);var b = {'bob':' freelance',
        'channel' : '6264613588'

Reported Fixed