debenhamsweddingstationery.co.uk
XSS vulnerability through the search results page.
The search query is sent as a GET parameter and is not HTML-escaped when it is rendered back into the search results page. A crafted URL can therefore inject markup and script that runs in the browser of anyone who opens the link (reflected XSS), as the rendered heading below shows.
<h1 class="block-heading">You searched for "<img src=x onerror=alert(document.cookie)>bob"</h1>
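The root cause is output without escaping. Below is an added example, not the site's own code (its server-side template is unknown, so the function names are assumptions), that reproduces the unsafe rendering seen in the heading above next to the hardened form, which escapes the untrusted query at the point it is written into HTML:

```javascript
// Added example: rendering the "You searched for" heading with and without
// output escaping. Not the site's code; renderHeadingUnsafe/renderHeadingSafe
// and escapeHtml are assumed names for illustration.

// Escapes the characters that can change meaning in HTML text or attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable form: the raw query is concatenated into markup, which is what
// the reported page does.
function renderHeadingUnsafe(query) {
  return `<h1 class="block-heading">You searched for "${query}"</h1>`;
}

// Hardened form: same template, but the untrusted value is escaped on output.
function renderHeadingSafe(query) {
  return `<h1 class="block-heading">You searched for "${escapeHtml(query)}"</h1>`;
}

// Constructed sample input with the same shape as the payload in the report.
const SAMPLE_QUERY = '<img src=x onerror=alert(document.cookie)>bob';

// Pulls out the part of the rendered heading that came from the user, so a
// test can check whether it still contains live markup.
function userControlledPart(html) {
  const m = /You searched for "([\s\S]*)"<\/h1>$/.exec(html);
  return m ? m[1] : null;
}

// True if the string contains something the HTML parser would treat as a tag.
function containsTag(s) {
  return /<[a-zA-Z/]/.test(s);
}

// Stand-alone demonstration.
console.log("unsafe:", renderHeadingUnsafe(SAMPLE_QUERY));
console.log("safe:  ", renderHeadingSafe(SAMPLE_QUERY));
```

With the unsafe renderer the user-controlled part still contains an `<img>` tag and its `onerror` handler fires; with the safe renderer the same input is displayed literally as text.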
Reported: Unknown. Status: Won't Fix.