When entering JavaScript into a search field, the resulting search results page correctly shows the escaped version of the text (due to the XSS Filter Extension).
However, when viewing the log of performed searches, the JavaScript is successfully executed, opening an XSS vulnerability.
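
The behaviour reported above, reduced to an added example that is not the product's own code: the results view encodes the search term, the log view renders the stored term as-is, and a corrected log view encodes at output. All function names, the in-memory log and the sample term are constructed for illustration.

```javascript
// Added illustration; names and data are hypothetical, not the product's code.

// Encode the HTML-significant characters for element content and
// quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Results page: records the raw term in the log, encodes it on output.
// Storing the raw term is fine only if every view that shows it encodes it.
function renderResultsPage(log, term) {
  log.push({ term });
  return `<h1>Results for "${escapeHtml(term)}"</h1>`;
}

// Log view as described in the report: stored terms are written unencoded,
// so markup in a logged term becomes part of the page.
function renderLogUnsafe(log) {
  return "<ul>" + log.map((e) => `<li>${e.term}</li>`).join("") + "</ul>";
}

// Corrected log view: the same encoding applied where the data is output.
function renderLogSafe(log) {
  return "<ul>" + log.map((e) => `<li>${escapeHtml(e.term)}</li>`).join("") + "</ul>";
}

// Regression check: true if any stored term containing markup characters
// appears verbatim (unencoded) in the rendered HTML.
function leaksRawMarkup(html, log) {
  return log.some((e) => /[<>]/.test(e.term) && html.includes(e.term));
}

// Run both log views over one constructed search and report the check result.
function demo() {
  const log = [];
  renderResultsPage(log, "<script>alert(1)</script>"); // constructed sample term
  return {
    unsafeLeaks: leaksRawMarkup(renderLogUnsafe(log), log),
    safeLeaks: leaksRawMarkup(renderLogSafe(log), log),
  };
}

console.log(demo());
```

The `leaksRawMarkup` check can be run against every view that displays stored search terms, not only the page that received the input.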