XSS vulnerability through search form.
The search query is sent as a GET parameter and is escaped correctly when the search form is rendered. However, it is not escaped in a later hidden form, so markup supplied in a malicious URL is rendered directly into the page.
Reported Fixed
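The mismatch described above, as an added example that is not code from the affected application: a hypothetical page writes the query into a visible search form and a later hidden form, and a marker check reports which output line reflects the value unescaped. The function names, the `/export` action and the marker value are assumptions made for illustration.

```python
import html

# Constructed marker made of HTML metacharacters. It is inert and only lets
# the check see whether a value was reflected without escaping.
MARKER = 'zq"<x>\'7'


def render_vulnerable(query: str) -> str:
    """Hypothetical page with the reported bug: the first sink is escaped,
    the hidden form further down reuses the raw GET parameter."""
    safe = html.escape(query, quote=True)
    return (
        '<form action="/search" method="get">'
        f'<input type="text" name="q" value="{safe}"></form>\n'
        '<form action="/export" method="post">'
        f'<input type="hidden" name="q" value="{query}"></form>\n'
    )


def render_fixed(query: str) -> str:
    """Same page with the query escaped once and reused at every sink."""
    safe = html.escape(query, quote=True)
    return (
        '<form action="/search" method="get">'
        f'<input type="text" name="q" value="{safe}"></form>\n'
        '<form action="/export" method="post">'
        f'<input type="hidden" name="q" value="{safe}"></form>\n'
    )


def unescaped_reflections(render, marker: str = MARKER) -> list[int]:
    """Return the 1-based output lines where the marker appears verbatim,
    i.e. the sinks that were not escaped."""
    output = render(marker)
    return [n for n, line in enumerate(output.splitlines(), 1) if marker in line]


if __name__ == "__main__":
    # An ordinary query renders identically in both versions, which is why
    # the second sink is easy to miss in normal testing.
    print(render_vulnerable("shoes") == render_fixed("shoes"))
    print("vulnerable:", unescaped_reflections(render_vulnerable))
    print("fixed:", unescaped_reflections(render_fixed))
```

Run as a regression test, the check covers every place the parameter is written, not only the form a reviewer happens to look at.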