
team4alfanous team mailing list archive

[Bug 939115] [NEW] the url "http://alfanous.org/?search=" does not filter input and accepts js code

 

*** This bug is a security vulnerability ***

Private security bug reported:

When someone does a search like http://alfanous.org/?search="test", the word test is
printed in the page without proper encoding, and the search parameter does not filter
what it takes as a keyword. For example, if you replace "test" with "<script>alert(1)</script>"
you'll see the result, so the website is vulnerable to the most basic XSS attack.

** Affects: alfanous
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Alfanous
team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/939115

Title:
  the url "http://alfanous.org/?search=" does not filter input and
  accepts js code

Status in Alfanous  - Advanced Quranic Search Engine:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/alfanous/+bug/939115/+subscriptions
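
The missing output encoding described in the report, shown next to an encoded version. This is an added example, not code from the Alfanous project: the template, the function names and the assumption that the keyword is reflected both in the page text and in the search box's value attribute are hypothetical.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical page template (assumption): the keyword is reflected in the
# search box's value attribute and in the body text.
TEMPLATE = (
    '<form><input name="search" value="{term}"></form>\n'
    '<p>Results for: {term}</p>'
)


def search_term(url):
    """Extract the URL-decoded 'search' parameter from a request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("search", [""])[0]


def render_vulnerable(url):
    """Reflect the keyword verbatim: the behaviour the report describes."""
    return TEMPLATE.format(term=search_term(url))


def render_encoded(url):
    """Encode the keyword for HTML text and quoted-attribute contexts."""
    # quote=True also escapes " and ', so the value cannot close the
    # attribute it is placed in.
    return TEMPLATE.format(term=html.escape(search_term(url), quote=True))


# Constructed sample requests, using the keyword values from the report.
BENIGN = "http://alfanous.org/?search=test"
PROBE = "http://alfanous.org/?search=%3Cscript%3Ealert(1)%3C/script%3E"
QUOTED = "http://alfanous.org/?search=%22test%22"

if __name__ == "__main__":
    for url in (BENIGN, PROBE, QUOTED):
        print(render_vulnerable(url))
        print(render_encoded(url))
        print()
```

Encoding at output time keeps the keyword searchable as typed while the browser renders it as text; input filtering alone would not cover the quoted-attribute case.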

