wowthemesnet / mediumish-theme-jekyll

Jekyll Template - Mediumish
https://wowthemesnet.github.io/mediumish-theme-jekyll/
MIT License
1.31k stars, 1.54k forks

Security Issue (Cross-Site Scripting a.k.a XSS) #206

Closed beyrakIn closed 1 year ago

beyrakIn commented 1 year ago

Security Vulnerability

There is Cross-Site Scripting in this theme. When you try to search posts, if you enter any HTML or JS script code it does not filter it, and also it does not HTML-encode special characters.

Example payload:

It would be best if you sanitized input or HTML-encoded all special characters.
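For the mitigation the report asks for, here is an added example (not code from the mediumish theme or the reporter) showing a search query HTML-encoded before it is reflected into the results markup; the rendering functions, the `containsRawTag` check and the sample query are assumptions for illustration only.

```javascript
// Added example: HTML-encoding a reflected search query before it is
// inserted into the search-results markup. Not the theme's own code.

// Characters that must be encoded when untrusted text lands in HTML.
// Quotes are covered too, so the helper is also safe inside attributes.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Single-pass replacement: '&' is encoded once, never double-encoded.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Weak version (the behaviour the report describes): the query is
// concatenated into markup as-is, so any tag in it becomes live DOM once
// the string is assigned to innerHTML.
function renderSearchHeadingUnsafe(query, count) {
  return `<h2>${count} results for "${query}"</h2>`;
}

// Corrected version: every special character in the query is encoded,
// so the browser renders the query as literal text.
function renderSearchHeadingSafe(query, count) {
  return `<h2>${count} results for "${escapeHtml(query)}"</h2>`;
}

// Check used in tests: true if the markup still carries a raw tag from the
// query (ignoring the fixed <h2> wrapper we emit ourselves).
function containsRawTag(markup) {
  const inner = markup.replace(/^<h2>/, '').replace(/<\/h2>$/, '');
  return /<[a-zA-Z/!]/.test(inner);
}

// Constructed sample query containing markup and quote characters
// (hypothetical input, not the reporter's payload).
const SAMPLE_QUERY = '<b>jekyll</b> & "themes"';
```

In a browser the equivalent of `renderSearchHeadingSafe` is to build the heading with `textContent` (or `createTextNode`) instead of `innerHTML`, which lets the DOM do the encoding for you.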