XSS vulnerability through search form.
The search query is sent as a GET parameter and is escaped correctly in HTML when the search form is rendered, and in many places in JavaScript, except for one spot in what appears to be a tool called RichRelevance, where it is written into a JavaScript string literal unescaped. This allows JavaScript from a crafted URL to be rendered directly into the page.
R3_SEARCH.setTerms('Bob');alert('bob');
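The line above is the script the page ends up emitting: the HTML-escaped search term is still unsafe inside a JavaScript string, because HTML escaping does not touch the single quote that closes the literal. The following is an added example, not code from the report or from RichRelevance. It puts the unsafe server-side pattern next to a hardened one that JSON-encodes the term before embedding it, and checks both with a stubbed R3_SEARCH object. The render functions, the stub, and the helper names are assumptions; only R3_SEARCH.setTerms and the rendered payload come from the report.

```javascript
// Added example (not from the original report or from RichRelevance).
// Assumed: the page builds an inline script from the "q" GET parameter.

// The GET value reconstructed from the report's rendered line
// R3_SEARCH.setTerms('Bob');alert('bob');  (constructed for this example)
const REPORTED_TERM = "Bob');alert('bob";

// Unsafe: the term is dropped straight into a '...' literal. A quote in the
// term closes the string and whatever follows is executed as code. HTML
// escaping applied earlier does not help, because ' is a JS delimiter here.
function renderSearchScriptUnsafe(term) {
  return `<script>R3_SEARCH.setTerms('${term}');</script>`;
}

// Hardened: JSON.stringify yields a valid JS string literal with quotes and
// backslashes escaped. "<" is additionally encoded so a term containing
// "</script>" cannot end the script element in the HTML parser, and the
// two Unicode line terminators JSON allows but JS string literals reject
// are escaped as well.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderSearchScriptSafe(term) {
  return `<script>R3_SEARCH.setTerms(${jsStringLiteral(term)});</script>`;
}

// Test harness: run the emitted script body against stub objects and record
// what it did. A correct rendering calls setTerms exactly once with the full
// term and triggers nothing else.
function evaluateEmittedScript(scriptHtml) {
  const body = scriptHtml.replace(/^<script>/, '').replace(/<\/script>$/, '');
  const terms = [];
  const alerts = [];
  const R3_SEARCH = { setTerms: (t) => terms.push(t) };
  const alert = (m) => alerts.push(m);
  new Function('R3_SEARCH', 'alert', body)(R3_SEARCH, alert);
  return { terms, alerts };
}

// Count occurrences of "</script>" in the rendered HTML; the hardened output
// must contain only the real closing tag.
function countScriptCloses(html) {
  return html.split('</script>').length - 1;
}

// Stand-alone run: shows the two behaviours side by side.
console.log('unsafe:', evaluateEmittedScript(renderSearchScriptUnsafe(REPORTED_TERM)));
console.log('safe:  ', evaluateEmittedScript(renderSearchScriptSafe(REPORTED_TERM)));
```

The point the harness makes is about context: a value that is safe in an HTML text node is not automatically safe in a JavaScript string, so each output context needs its own encoder, and templates that emit inline scripts should use a JS-literal encoder (or move the value to a data attribute and read it from script) rather than string interpolation.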
Reported Fixed