rcoh / gradsearch

gradsearch (re:search) is a website to connect students with professors who study their research interests.
www.gradschoolsearch.org

XSS vulnerability #22

Open dualbus opened 11 years ago

dualbus commented 11 years ago

I identified a cross-site scripting (XSS) vulnerability. The search terms are output as-is without proper filtering using htmlentities. Please read http://phpmaster.com/php-security-cross-site-scripting-attacks-xss/ to see how the attack works and things you can do to fix it.

On my version of Chromium (25.0.1364.97) there seems to be a protection mechanism against XSS, but I managed to show a simple alert on Firefox 19.0.

The trigger:

< http://www.gradschoolsearch.org/search.php?q=%22%3E%3Cdiv%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E%3Ca%20href=%22 >
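The fix the report asks for, as an added example that is not part of the original issue and is not gradsearch's own code: the search term is HTML-encoded at output time, shown beside the unescaped pattern and checked against the query string from the report. The function names and the markup (an input value attribute and a results heading) are assumptions, since the issue does not show search.php.

```php
<?php
// Added illustration; search.php itself is not shown in the issue.
// Assumption: q is echoed into an <input value="..."> attribute and a heading.

// Pattern the issue describes: the search term is output as-is.
function render_unsafe(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">'
         . '<h2>Results for ' . $q . '</h2>';
}

// Encode for HTML output. ENT_QUOTES encodes both quote styles so the value
// cannot close the attribute it sits in; the explicit charset avoids relying
// on the ini default; ENT_SUBSTITUTE replaces invalid byte sequences instead
// of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every use of the term goes through h() at the point of output.
function render_safe(string $q): string
{
    return '<input type="text" name="q" value="' . h($q) . '">'
         . '<h2>Results for ' . h($q) . '</h2>';
}

// Query string from the issue, decoded the way PHP populates $_GET['q'].
$q = urldecode('%22%3E%3Cdiv%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E%3Ca%20href=%22');

$unsafe = render_unsafe($q);
$safe   = render_safe($q);

// Regression checks: the unescaped page carries the markup through,
// the escaped page renders it as inert text.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('expected the unescaped output to contain the tag');
}
if (strpos($safe, '<script>') !== false || strpos($safe, '"><div>') !== false) {
    throw new RuntimeException('escaped output still contains live markup');
}
if (strpos($safe, 'value="&quot;&gt;&lt;div&gt;&lt;script&gt;') === false) {
    throw new RuntimeException('search term was not entity-encoded inside the attribute');
}
echo "search term is encoded in both output contexts\n";
```

Encoding belongs at the point of output rather than at input, so the same stored or submitted term can still be used unmodified for the database query itself.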