Security Vulnerabilities Reported


XSS vulnerability through a search results page.

The search query is sent as a GET parameter and although escaped correctly in the HTML form, it is not escaped when including as a parameter in script tag URL. This allows code to be executed directly from a malicious URL.

<script src=";autocheck=" onload="alert(document.cookie)"></script>

Reported Fixed