html injection on https://demo.microweber.org/demo/search.php?keywords= in microweber/microweber

Valid

Reported on

Sep 8th 2022


Description

hello team, I found an HTML injection on https://demo.microweber.org/demo/search.php?keywords=

Proof of Concept

https://demo.microweber.org/demo/search.php?keywords=ABC%3Cdiv%20style=%22%3E%3Cmarquee%3E%3Ch1%3Eyou%20are%20been%20hacked%20%3C/h1%3E%3C/marquee%3E

Impact

An attacker can use HTML injection to redirect the victim to their malicious site.

We are processing your report and will contact the microweber team within 24 hours. 15 days ago
We have contacted a member of the microweber team and are waiting to hear back 14 days ago
We have sent a follow up to the microweber team. We will try again in 7 days. 11 days ago
We have sent a second follow up to the microweber team. We will try again in 10 days. 4 days ago
Peter Ivanov validated this vulnerability 3 days ago
Anupam Singh has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Peter Ivanov confirmed that a fix has been merged on 68f072 3 days ago
Peter Ivanov has been awarded the fix bounty
to join this conversation