XSS vulnerability through a URL parameter
An attacker can send a user to a malicious URL whose search term parameter contains JavaScript, which is rendered into the page as is and executed.
The search term is not escaped or encoded in any way, so you can terminate the variable and add arbitrary JS. The example below shows an alert dialog being triggered with the browser's cookie.
There is some kind of server-side XSS detection, as certain requests with script tags and common event attributes triggered a 502 error.
<div class="docsearch">
  <label for="keywords">Name/Keywords</label><br/>
  <input type="text" id="keywords" name="keywords" value="" onmouseover="function b(){ alert(JSON.stringify(document)) };b()" size="50" maxlength="50" />
</div>
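The fix for the markup above is output encoding at the point where the search term is written into the value attribute, rather than request filtering. The following is an added example, not code from the affected site: it assumes the page is built by string concatenation, and every function name in it is hypothetical. It renders the reported input both ways and checks whether the tag gained attributes the template never defined.

```javascript
// Added example. Function names are hypothetical; the site's real templating is unknown.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Behaviour described in the report: the term is concatenated as is.
function renderUnsafe(term) {
  return '<input type="text" id="keywords" name="keywords" value="' + term +
         '" size="50" maxlength="50" />';
}

// Hardened form: the same template, with the term encoded for an attribute context.
function renderSafe(term) {
  return '<input type="text" id="keywords" name="keywords" value="' + escapeAttr(term) +
         '" size="50" maxlength="50" />';
}

// Read name="value" pairs left to right, the way an HTML parser would for
// double-quoted attributes, and return the attribute names found.
function attributeNames(tag) {
  return [...tag.matchAll(/([a-zA-Z-]+)="([^"]*)"/g)].map((m) => m[1]);
}

// The template defines exactly these attributes; anything else was injected.
const EXPECTED = ['type', 'id', 'name', 'value', 'size', 'maxlength'];
function hasInjectedAttributes(tag) {
  return attributeNames(tag).some((name) => !EXPECTED.includes(name));
}

// Search term reconstructed from the markup shown in the report.
const reported = '" onmouseover="function b(){ alert(JSON.stringify(document)) };b()';

console.log('unsafe:', attributeNames(renderUnsafe(reported)).join(', '));
console.log('safe:  ', attributeNames(renderSafe(reported)).join(', '));
```

The same check can run as a regression test against the real template once encoding is in place, since it does not depend on which event attribute or tag a filter happens to recognise.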
Reported Fixed Unknown