Security Vulnerabilities Reported


XSS vulnerability through the search results page.

The search query is sent as a GET parameter and is not escaped when rendered in the search form on the page, neither in a javascript tag or in the HTML value attribute. This allows code to be executed directly from a malicious URL.

There was some protection where the site returned a 403 if you attempted to put onload or onhover events. This a bad case of trying to whitelist specific JavaScript events in an attempt to prevent XSS.

<form name="Search" action="javascript:startSearch( document.getElementById('search').value, 'bob');alert('bob');startSearch('bob', null, '#search', true )">
	<div class="large-12 arial columns">
		<div class="small-box-9 columns">
			<input title="search" class="no-bottom" id="search" type="search" size="21"
				maxlength="120" value='bob');alert('bob');startSearch('bob' name="vgnextkeyword"
				onblur="if(this.value == ''){this.value ='bob');alert('bob');startSearch('bob'}" />
		<div class="small-box-3 columns">
			<button class="button" type="submit">Search</button>

Reported Fixed Unknown