team4alfanous team mailing list archive
Message #00371
[Bug 939115] Re: the url "http://alfanous.org/?search=" does not filter input and accepts js code
** Changed in: alfanous
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Alfanous
team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/939115
Title:
the url "http://alfanous.org/?search=" does not filter input and
accepts js code
Status in Alfanous - Advanced Quranic Search Engine:
Fix Released
Bug description:
When someone does a search like http://alfanous.org/?search="test", the word test is
printed in the page without proper encoding, and the search parameter does not filter
what it takes as a keyword. For example, if you replace "test" with "<script>alert(1)</script>"
you'll see the result, so the website is vulnerable to the most basic XSS attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/alfanous/+bug/939115/+subscriptions
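
As an added illustration (not part of the original message or of the Alfanous code base), the following Python compares echoing the `search` value as-is with encoding it at output time, and includes a regression check a maintainer could keep after the fix. The template, the function names and the sample URLs are assumptions made for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Hypothetical template (not alfanous code): the keyword is reflected in the
# search box (attribute context) and in the results heading (element context).
TEMPLATE = '<input name="search" value="{kw}"><h2>Results for {kw}</h2>'
EXPECTED = [("input", ("name", "value")), ("h2", ())]  # tags the template itself emits

def keyword_from_url(url):
    """Return the percent-decoded ?search= value of a request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("search", [""])[0]

def render_unencoded(url):
    # Behaviour described in the report: the value is echoed as-is.
    return TEMPLATE.format(kw=keyword_from_url(url))

def render_encoded(url):
    # Encode at output time; quote=True also encodes " and ', which is what
    # keeps a keyword such as "test" inside value="...".
    return TEMPLATE.format(kw=html.escape(keyword_from_url(url), quote=True))

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, tuple(sorted(name for name, _ in attrs))))

def markup_changed(page):
    """Regression check: True if the keyword altered the page's tag structure."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.seen != EXPECTED

# Constructed sample requests, using the two keywords from the report.
SAMPLES = [
    "http://alfanous.org/?search=%22test%22",
    "http://alfanous.org/?search=%3Cscript%3Ealert(1)%3C/script%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(markup_changed(render_unencoded(url)), markup_changed(render_encoded(url)))
```

The check compares tag structure rather than searching for a fixed string, so it also flags the quoted keyword, which adds no tag but breaks out of the `value` attribute.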