The web application is vulnerable to a non-persistent cross-site scripting (XSS) attack. This vulnerability arises when the website returns some input it receives via a user-supplied parameter (such as a search query) as part of a subsequent response, without sanitizing that input first. As a result, any malicious JavaScript supplied in that parameter is "reflected" back into the user's browser, where it is then executed.
Severity: Medium
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score: 4.9
Recommendation: Ensure that user input is sanitized (i.e. has HTML/JavaScript removed) before it is included in subsequent responses.
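The reflection described above and a fix for it, as an added example that is not code from the assessed application: the `q` parameter name, the `app.example` URL and the page template are constructed for illustration, and the hardened path neutralizes markup with HTML output encoding (`html.escape`) instead of stripping it.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed response template for a search page (assumption, not from the report).
PAGE = "<html><body><h1>Search</h1><p>Results for: {query}</p></body></html>"

# Constructed sample request carrying markup in the hypothetical 'q' parameter.
MARKER = "<script>alert(1)</script>"
SAMPLE_URL = "https://app.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def get_query(url: str) -> str:
    """Return the URL-decoded value of the user-supplied 'q' parameter."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("q", [""])[0]


def render_vulnerable(url: str) -> str:
    """Reflect the parameter as-is: any markup in 'q' becomes live HTML."""
    return PAGE.format(query=get_query(url))


def render_hardened(url: str) -> str:
    """Encode the parameter for an HTML context before reflecting it."""
    return PAGE.format(query=html.escape(get_query(url), quote=True))


def reflects_markup(response: str, marker: str) -> bool:
    """Regression check: True if the marker came back unencoded."""
    return marker in response


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("hardened", render_hardened)):
        body = render(SAMPLE_URL)
        print(f"{name}: reflected unencoded = {reflects_markup(body, MARKER)}")
        print(f"  {body}")
```

The `reflects_markup` check can be kept as a regression test against every endpoint that echoes a request parameter into its response.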