Security Vulnerabilities Reported


XSS vulnerability through search form.

The search query is sent as a GET parameter. It is escaped correctly in HTML when rendering the search form and in many places in JavaScript, but one instance, in what appears to be a tool called RichRelevance, is not escaped. As a result, code supplied in a malicious URL is rendered directly into the page.
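The difference between the escaped and unescaped output contexts described above, as an added example (not code from the affected site or from RichRelevance). The function names, the `widgetConfig` variable and the sample query are hypothetical and constructed for illustration.

```javascript
// HTML-context escaping, the kind that is correct for the search form's value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Script-context encoding: JSON.stringify handles quotes and backslashes,
// then <, >, &, U+2028 and U+2029 are written as \uXXXX escapes so the value
// cannot close the surrounding <script> element.
function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Before: the query is concatenated into an inline script without encoding.
// (Hypothetical stand-in for the one unescaped instance.)
function renderWidgetUnsafe(query) {
  return '<script>var widgetConfig = { searchTerm: "' + query + '" };</script>';
}

// After: the query is emitted as an encoded JavaScript string literal.
function renderWidgetSafe(query) {
  return '<script>var widgetConfig = { searchTerm: ' +
    toScriptLiteral(query) + ' };</script>';
}

// Returns the script text as an HTML parser sees it: everything up to the
// first "</script", regardless of JavaScript quoting.
function scriptBody(html) {
  const start = html.indexOf('<script>') + '<script>'.length;
  const end = html.toLowerCase().indexOf('</script', start);
  return html.slice(start, end);
}

// Constructed sample query containing a quote and a closing script tag.
const sampleQuery = 'shoes"</script><i>';

console.log(escapeHtml(sampleQuery));                     // safe in HTML text/attributes
console.log(scriptBody(renderWidgetUnsafe(sampleQuery))); // script ends early
console.log(scriptBody(renderWidgetSafe(sampleQuery)));   // one intact statement
```

HTML entity escaping is the wrong encoding inside a script block, so a value that is safe in the form markup still needs script-context encoding wherever it is written into JavaScript.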


Reported Fixed