timstoffel closed this 5 years ago
I had reported this 2 years back. Don't understand why this is not patched.
On Mon, Jun 17, 2019, 21:51 Paweł Klockiewicz notifications@github.com wrote:
Merged #54 https://github.com/sruupl/batflat/pull/54 into master.
Hello, there is a reflexive XSS vulnerability in the Searchbox module.
Example: URL/search/%3C%2Ftitle%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3Ctitle%3E
I fixed it.
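An added example, not part of the original pull request and not Batflat's own code: it decodes the request path from the report and shows why the phrase escapes the `<title>` element when echoed as-is, next to the same output with HTML encoding applied. The function names and the "Search: " title text are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from Batflat's Searchbox module.

/** Extract and URL-decode the search phrase from a path like /search/<phrase>. */
function searchPhraseFromPath(string $path): string
{
    $prefix = '/search/';
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return '';
    }
    return rawurldecode(substr($path, strlen($prefix)));
}

/** Vulnerable pattern: the phrase is concatenated into the markup unescaped. */
function renderTitleUnsafe(string $phrase): string
{
    return '<title>Search: ' . $phrase . '</title>';
}

/** Hardened pattern: HTML-encode the phrase for the element-content context. */
function renderTitleSafe(string $phrase): string
{
    $encoded = htmlspecialchars($phrase, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<title>Search: ' . $encoded . '</title>';
}

// Request path from the report above (the "URL" host part is left out).
$path   = '/search/%3C%2Ftitle%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3Ctitle%3E';
$phrase = searchPhraseFromPath($path);

$rendered = [
    'unsafe' => renderTitleUnsafe($phrase),
    'safe'   => renderTitleSafe($phrase),
];

// Regression check: the encoded output must not contain a literal script tag.
foreach ($rendered as $label => $html) {
    $hasScriptTag = stripos($html, '<script') !== false;
    printf("%-6s %s\n       literal <script> in output: %s\n",
        $label, $html, $hasScriptTag ? 'yes' : 'no');
}
```

The same encoding is needed wherever the search phrase is echoed, not only in the title; attribute and JavaScript contexts need their own context-specific encoding.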