Security Vulnerabilities Reported

FIXED elc.co.uk

elc.co.uk

XSS vulnerability through search form.

The search query is sent as a GET parameter and is escaped correctly in HTML when rendering the search form and in loads of places in JavaScript, except in one place, in what appears to be a tool called RichRelevance. This allows code supplied in a malicious URL to be rendered directly into the page.
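The failure mode described above, one unencoded sink among many correctly encoded ones, shown as an added example that is not code from elc.co.uk or RichRelevance. All function names, variable names and the probe string are hypothetical; the check at the end flags any rendered page that reflects the probe without encoding.

```javascript
// Added illustration: every identifier here is hypothetical.

// HTML text/attribute context: neutralise markup metacharacters.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => HTML_ENTITIES[c]);
}

// Inline <script> context: emit a JS string literal that can close neither
// the string nor the script element. JSON.stringify handles quotes and
// backslashes; <, >, &, U+2028 and U+2029 are rewritten as \uXXXX escapes.
function jsLiteral(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Render a search page with three sinks for the same query. With
// hardened=false the third sink (a third-party tag snippet) is concatenated
// raw, which is the kind of single missed spot the report describes.
function renderPage(query, hardened) {
  const tagValue = hardened ? jsLiteral(query) : '"' + query + '"';
  return [
    '<input name="q" value="' + escapeHtml(query) + '">',
    '<script>var analyticsTerm = ' + jsLiteral(query) + ';</script>',
    '<script>var recommendationTerm = ' + tagValue + ';</script>',
  ].join('\n');
}

// Regression check: a probe made of metacharacters must never come back raw.
function hasRawReflection(html, probe) {
  return html.includes(probe);
}

// Constructed, inert probe covering quote, tag and script-close characters.
const PROBE = 'zz"\'</script><zz>';

console.log('one sink missed :', hasRawReflection(renderPage(PROBE, false), PROBE));
console.log('all sinks encoded:', hasRawReflection(renderPage(PROBE, true), PROBE));
```

Running the same probe against every template that receives the search term catches a single missed sink even when all the others are encoded.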

Reported Fixed
