Details
- Bug
- Resolution: Cannot Reproduce
- Critical
- None
- 1.3.1
- None
Description
HTML content is not escaped in the two search fields in the default STK site (the default one at the top, and the one on the bottom on the results page).
E.g., search for
"><script>alert("xss");</script>
This works on the live Magnolia-cms.com site:
Related to issue MGNLSTK-617
Issue Links
- duplicates: MGNLSTK-617 Possible content hi-jack via pre-filled search value entry (Closed)
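
The missing output escaping the description reports, shown as an added example that is not part of the original issue and is not Magnolia STK code: a pre-filled search field rendered without and with attribute escaping, plus a parser-based check suitable for a regression test. The form markup, the parameter name `q` and all function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed stand-in for a search-form template; not Magnolia STK markup.
FORM = '<form action="/search"><input type="text" name="q" value="{value}"></form>'

def render_unescaped(query):
    """The behaviour the report describes: raw query placed in the attribute."""
    return FORM.format(value=query)

def render_escaped(query):
    """Encode &, <, >, " and ' so the query stays inside the value attribute."""
    return FORM.format(value=html.escape(query, quote=True))

class _Audit(HTMLParser):
    """Records every start tag and the value attribute of each <input>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.input_values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_values.append(dict(attrs).get("value"))

def audit(markup, query):
    """Return (query_intact, unexpected_tags) for a rendered search form.

    query_intact is True only if the form holds exactly one <input> whose
    decoded value equals the submitted query; unexpected_tags lists any
    element other than the form and its input that the parser encountered.
    """
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    unexpected = [t for t in parser.tags if t not in ("form", "input")]
    return parser.input_values == [query], unexpected

# The search string from the description above.
PAYLOAD = '"><script>alert("xss");</script>'

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, audit(render(PAYLOAD), PAYLOAD))
```

The same audit can be pointed at the HTML a real results page returns for a given query, for both the top search field and the one on the results page.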