XSS vulnerability through a search results page.
The search query is sent as a GET parameter and although escaped correctly in the HTML form, it is not escaped when including as a parameter in script tag URL. This allows code to be executed directly from a malicious URL.
<script src="https://api.superfastmaps.co.uk/openreach/embed/js/fireitup.js?v=1.1&autocheck=" onload="alert(document.cookie)"></script>
Reported Fixed
Back