The klask-io project is vulnerable to a reflected XSS in its search functionality. The #search URI part is reflected without proper sanitization inside the search result page, leading to HTML injection and consequent
This vulnerability allows an attacker to inject malicious HTML/JS into the page through a maliciously crafted URL, which can then be spammed in a forum or sent to the victim through targeted phishing. The injected code then has access to the DOM.
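
The pattern described above, shown as an added example that is not klask-io's own code: a search term taken from the URL fragment is placed into result-page markup once without and once with HTML escaping. The `#search=<term>` fragment layout, the host name and all function names are assumptions made for illustration.

```javascript
// Added illustration; the fragment layout and all names are hypothetical,
// not taken from the klask-io code base.

// Pull the search term out of a fragment of the assumed form "#search=<term>".
function searchTermFromUrl(url) {
  const hash = new URL(url).hash;
  const prefix = '#search=';
  if (!hash.startsWith(prefix)) return '';
  try {
    return decodeURIComponent(hash.slice(prefix.length));
  } catch (e) {
    return ''; // malformed percent-encoding: treat as an empty query
  }
}

// Vulnerable pattern: the term is concatenated into markup as-is, so any
// tags it contains become part of the page once the string is rendered.
function renderHeaderUnsafe(term) {
  return '<h2>Results for ' + term + '</h2>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: the term is encoded before it reaches the markup, so it
// is displayed as text. In a browser, assigning to element.textContent
// (instead of building HTML strings) achieves the same result.
function renderHeaderSafe(term) {
  return '<h2>Results for ' + escapeHtml(term) + '</h2>';
}

// Constructed sample URL carrying harmless markup in the fragment.
const SAMPLE_URL =
  'https://klask.example/#search=' + encodeURIComponent('<u>injected</u>');

const term = searchTermFromUrl(SAMPLE_URL);
console.log(renderHeaderUnsafe(term)); // markup from the URL survives intact
console.log(renderHeaderSafe(term));   // markup is shown as inert text
```
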