Subject Search Server Search For Variable HTML Injection Vulnerability

info
discussion
exploit
solution
references

Subject Search Server Search For Variable HTML Injection Vulnerability

Subject Search Server is prone to an HTML injection vulnerability.

The source of this issue is that HTML and script code is not properly sanitized from user-supplied input before being output in a dynamically generated Web page. The malicious input may then be rendered in the browser of the user who visits the page containing the input.