-
Bug
-
Resolution: Cannot Reproduce
-
Critical
-
None
-
1.3.1
-
None
HTML content is not escaped in the two search fields in the default STK site (the default one at the top, and the one on the bottom on the results page).
E.g., search for
"><script>alert("xss");</script>
This works on the live Magnolia-cms.com site:
Related to issue MGNLSTK-617
Acceptance criteria
- duplicates: MGNLSTK-617 Possible content hi-jack via pre-filled search value entry (Closed)
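The failure mode described in this report, as an added example that is not Magnolia STK code: a search field pre-filled with the submitted query, rendered once without output encoding and once with it. The class and method names and the field name "q" are hypothetical, and the sample queries are constructed, apart from the string quoted in the report.

```java
public class SearchFieldEscaping {

    // Encode the characters that can close an attribute value or open a tag.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the submitted query is echoed into the value attribute unchanged.
    static String renderUnescaped(String query) {
        return "<input type=\"text\" name=\"q\" value=\"" + query + "\"/>";
    }

    // After: the query is encoded at the point of output.
    static String renderEscaped(String query) {
        return "<input type=\"text\" name=\"q\" value=\"" + escapeHtml(query) + "\"/>";
    }

    // The field is intact when the output is still one tag with three quoted attributes.
    static boolean singleTag(String html) {
        long lt = html.chars().filter(ch -> ch == '<').count();
        long gt = html.chars().filter(ch -> ch == '>').count();
        long quotes = html.chars().filter(ch -> ch == '"').count();
        return lt == 1 && gt == 1 && quotes == 6;
    }

    public static void main(String[] args) {
        String[] samples = {                          // constructed inputs
            "magnolia templates",
            "\"><script>alert(\"xss\");</script>",    // string quoted in the report
            "R&D 'notes' <draft>"
        };
        for (String q : samples) {
            System.out.println("query     : " + q);
            System.out.println("unescaped : " + renderUnescaped(q) + "  intact=" + singleTag(renderUnescaped(q)));
            System.out.println("escaped   : " + renderEscaped(q) + "  intact=" + singleTag(renderEscaped(q)));
        }
    }
}
```

The singleTag check can serve as a regression test for both search fields: whatever the query, the rendered field must remain a single input element.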