The staff search page does not sanitise the input of the ID field, allowing a cross-site scripting (XSS) attack to be executed: whatever is submitted in that field is reflected into the response without output encoding, so HTML or script supplied by an attacker is rendered in the victim's browser.
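As an added example that is not the reporter's proof of concept or the site's own code: the bug class described above, modelled in Python with a constructed probe string. `render_vulnerable` echoes the ID parameter straight into the page (the behaviour reported), `render_fixed` applies contextual HTML encoding, and `reflects_unescaped` / `tags_in` are the checks a tester would run to confirm the reflection and the fix. The form action, the page markup and the probe payload are all assumptions for illustration.

```python
import html
import re

# Constructed probe payload for illustration; not the reporter's payload.
# It breaks out of a quoted attribute and injects an element with a handler.
PROBE = '"><svg onload=alert(1)>'


def render_vulnerable(id_value: str) -> str:
    """Assumed shape of the bug: the ID field is reflected verbatim into two
    HTML contexts (an attribute value and a text node) with no encoding."""
    return (
        '<form action="/staff/search">'
        f'<input name="id" value="{id_value}">'
        "</form>"
        f"<p>No staff member matched ID {id_value}</p>"
    )


def render_fixed(id_value: str) -> str:
    """Same page with contextual output encoding. html.escape(quote=True)
    encodes <, >, &, " and ', which covers both the quoted-attribute context
    and the text-node context used here (it would NOT be sufficient for a
    JavaScript or URL context)."""
    safe = html.escape(id_value, quote=True)
    return (
        '<form action="/staff/search">'
        f'<input name="id" value="{safe}">'
        "</form>"
        f"<p>No staff member matched ID {safe}</p>"
    )


def reflects_unescaped(page: str, probe: str = PROBE) -> bool:
    """Tester's check: does the raw probe appear verbatim in the response?"""
    return probe in page


def tags_in(page: str) -> list[str]:
    """Lists element names present in the response, so the injected <svg>
    can be distinguished from the page's own markup."""
    return re.findall(r"<([a-zA-Z]+)", page)


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        page = render(PROBE)
        print(f"{name}: reflected={reflects_unescaped(page)} tags={tags_in(page)}")
```

The encoded page still displays the submitted ID to the user; it simply no longer lets that ID become markup. Encoding must be chosen per output context, which is why a single "sanitise on input" pass is not a reliable fix for this class of bug.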
Code:
Posted by Mo BeigiMohammadG in XSS
Views: 902
Tags: cse.unsw.edu.au, search, xss