
XSS Vulnerability

Description

There is an XSS vulnerability in the public interface search. The following URL is an example of the issue. It looks like inputs are not sanitized. This is an issue even in 2.6.0.

https://scrcguides.libraries.wm.edu/search?q%5B%5D=%22Benjamin%20Stoddert%20Ewell%22&op%5B%5D=1&field%5B%5D=1&from_year%5B%5D=1&to_year%5B%5D=1%22%3E%3Cscript%3Ealert(150)%3C/script%3E&limit=resource&utf8=%E2%9C%93&commit=Search
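The following is an added example, not ArchivesSpace code or anything the reporter posted: it decodes the reported URL the way a Rails-style app sees the `to_year[]` parameter, then shows a hypothetical unsanitized rendering of that value beside an HTML-escaped one, plus a small check that flags URL parameters carrying markup so the pattern can be spotted in access logs. The two `render_year_field_*` functions and `reflected_markup_params` are illustrative names, not the application's own.

```ruby
require "uri"
require "cgi"
require "erb"

# Constructed from the URL in the report.
REPORTED_URL = "https://scrcguides.libraries.wm.edu/search?q%5B%5D=%22Benjamin%20Stoddert%20Ewell%22&op%5B%5D=1&field%5B%5D=1&from_year%5B%5D=1&to_year%5B%5D=1%22%3E%3Cscript%3Ealert(150)%3C/script%3E&limit=resource&utf8=%E2%9C%93&commit=Search".freeze

# Decode the query string into { "name" => [values] }, percent-decoding both
# keys and values, so "to_year%5B%5D" becomes the array parameter "to_year[]".
def decode_query(url)
  CGI.parse(URI.parse(url).query.to_s)
end

# Hypothetical vulnerable rendering: the parameter is interpolated straight
# into an attribute, so a value containing '">' closes the attribute and tag.
def render_year_field_unsafe(value)
  %(<input type="text" name="to_year[]" value="#{value}">)
end

# Hardened rendering: HTML-escape the value before it lands in the attribute.
# ERB::Util.html_escape turns < > & " ' into entities, so the browser never
# sees a tag boundary inside the attribute value.
def render_year_field_escaped(value)
  %(<input type="text" name="to_year[]" value="#{ERB::Util.html_escape(value)}">)
end

# True when the produced HTML contains a live <script> tag.
def contains_script_tag?(html)
  html.match?(/<script\b/i)
end

# Detection helper for request logs: names of query parameters whose decoded
# value contains angle brackets, i.e. markup where a year or search term is expected.
def reflected_markup_params(url)
  decode_query(url).select { |_name, values| values.any? { |v| v.match?(/[<>]/) } }.keys
end

if __FILE__ == $PROGRAM_NAME
  value = decode_query(REPORTED_URL)["to_year[]"].first
  puts "decoded to_year[]: #{value.inspect}"
  puts "unsafe:  #{render_year_field_unsafe(value)}"
  puts "escaped: #{render_year_field_escaped(value)}"
  puts "suspicious params: #{reflected_markup_params(REPORTED_URL).inspect}"
end
```

Running the script shows the unsafe rendering breaking out of the `value` attribute while the escaped version keeps the entire payload as inert text; the last line names `to_year[]` as the only parameter carrying markup, which is the kind of check that belongs in a log-review rule for the search endpoint.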

Environment

None

Status

Assignee

Unassigned

Reporter

Justin Dalton

Labels

Affects versions

2.6.0

Priority

Major