Closed terrymun closed 7 years ago
In several parts of the site, the form is outputting un-escaped HTML, which introduces an XSS vulnerability.
Test string to be used in query string to mimic XSS attack:
%22%3E%3Csvg%2Fonload%3Dalert(%27XSS%27)%3E
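The following is an added example, not code from the original issue or the project it reports against: it decodes the test string above the way a server would see it, renders it into a form field both unescaped (the behaviour the issue describes) and HTML-escaped, and checks whether the markup gains an element it should not have. The field name `q` and the `<input>` markup are assumptions for illustration.

```javascript
// Added example (not from the original issue). The query string below embeds
// the issue's test string under an assumed field name "q".
const TEST_QUERY = "q=%22%3E%3Csvg%2Fonload%3Dalert(%27XSS%27)%3E";

// Escape the characters that matter when a value is placed inside an HTML
// attribute or text node. This is the minimum output encoding the form needs.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering: the value is interpolated verbatim, as the issue describes.
function renderFieldUnsafe(value) {
  return `<input type="text" name="q" value="${value}">`;
}

// Fixed rendering: the value is escaped before it reaches the attribute.
function renderFieldSafe(value) {
  return `<input type="text" name="q" value="${escapeHtml(value)}">`;
}

// Extract and percent-decode one field from a query string (assumed field name).
function getQueryValue(query, name) {
  return new URLSearchParams(query).get(name) ?? "";
}

// A regression check: the rendered snippet must contain exactly one element,
// the <input> itself. Any second tag means the value broke out of the attribute.
function introducesNewElement(html) {
  return (html.match(/<[a-z]/gi) || []).length > 1;
}

const value = getQueryValue(TEST_QUERY, "q");
console.log("decoded value :", value);
console.log("unsafe output :", renderFieldUnsafe(value), "->", introducesNewElement(renderFieldUnsafe(value)) ? "INJECTED" : "ok");
console.log("safe output   :", renderFieldSafe(value), "->", introducesNewElement(renderFieldSafe(value)) ? "INJECTED" : "ok");
```

The same `introducesNewElement` check can be dropped into a unit test for each template that echoes request data, so a regression reintroducing the raw interpolation fails the build.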