sruupl / batflat

Lightweight, fast and easy CMS for free. Bootstrap ready. https://batflat.org
MIT License

Reflective XSS in searchbox module #54

Closed timstoffel closed 5 years ago

timstoffel commented 5 years ago

Hello, there is a reflective XSS vulnerability in the Searchbox module.

Example: URL/search/%3C%2Ftitle%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3Ctitle%3E

I fixed it.
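The payload above works because the search term is written into the results page (including its `<title>`) without HTML escaping, so a `</title>` in the term closes the real title early and the `<script>` that follows runs in the visitor's browser. The following PHP snippet is an added illustration, not Batflat's own code or the fix merged in this PR: the template string and the `renderTitleUnsafe` / `renderTitleSafe` function names are hypothetical, and the input is simply the URL-decoded payload quoted in the report. It shows the vulnerable rendering beside the hardened one, which escapes the term with `htmlspecialchars` before it reaches the page.

```php
<?php
// Added example (not Batflat's code): how a reflected search term reaches
// the <title> of the results page and why it must be escaped on output.

// Constructed input: the payload quoted in the issue report, URL-decoded the
// way a web server decodes the path segment before the module sees it.
$query = rawurldecode('%3C%2Ftitle%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3Ctitle%3E');

// Vulnerable rendering (hypothetical template): the raw term is interpolated
// into the markup. The "</title>" inside the term closes the real <title>
// early and the <script> that follows is executed by the browser.
function renderTitleUnsafe(string $term): string
{
    return '<title>Search: ' . $term . '</title>';
}

// Hardened rendering: every character with meaning in HTML becomes an
// entity, so the browser shows the term as text instead of parsing it as
// markup. ENT_QUOTES also encodes quotes, which matters when the same term is
// echoed back inside an attribute such as <input value="...">.
function renderTitleSafe(string $term): string
{
    $escaped = htmlspecialchars($term, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<title>Search: ' . $escaped . '</title>';
}

echo "Unsafe: " . renderTitleUnsafe($query) . PHP_EOL;
echo "Safe:   " . renderTitleSafe($query) . PHP_EOL;

// Cheap regression check for the hardened path: the only closing title tag
// in the output must be the one the template itself appends.
$safe = renderTitleSafe($query);
if (substr_count($safe, '</title>') !== 1 || strpos($safe, '<script') !== false) {
    fwrite(STDERR, "output escaping failed" . PHP_EOL);
    exit(1);
}
```

The same rule applies to every other place the term is echoed (the heading of the results page, the value of the search input, the page description): escape at the point of output with the encoder that matches the context, rather than trying to filter the incoming URL.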

w3bd3mon commented 5 years ago

I had reported this 2 years back. Don't understand why this is not patched.

On Mon, Jun 17, 2019, 21:51 Paweł Klockiewicz notifications@github.com wrote:

Merged #54 https://github.com/sruupl/batflat/pull/54 into master.
