RSS XSS Vulnerability

03 Sep 2014

The help document search form on does not correctly sanitise user input allowing an XSS attack to be executed.

The follow symbols are converted to to their URL encoded counterparts: ‘<‘, ‘>‘, ‘/
Evasion string used (before encoding):  /><script>alert(/XSS/)</script> XSS Vulnerability

No Comments

Posted in XSS


Leave a Reply