forked from inno-devops-labs/DevSecOps-Intro
Open
Description:
DOM-based Cross-Site Scripting (XSS) vulnerability in the search functionality. Malicious iframe injection is possible and executes in the user's browser.
Solution:
Use Content Security Policy (CSP) headers.
Validate and filter HTML tags from search queries.
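Worked example of the vulnerable search sink and the two proposed fixes, added here as illustration; it is not code from this repository. The search page, element names, payloads and CSP value are assumptions. Because the bug is DOM-based, the decisive fix is at the client-side sink (entity-encode the query or assign it via `textContent` instead of `innerHTML`); a single-pass tag blacklist is shown alongside to make clear why "filter HTML tags" on its own is not enough, and the CSP is the defence-in-depth layer that stops the iframe if a sink is missed. Runs under Node without a browser by using a stand-in element object.

```javascript
'use strict';

// Constructed payloads of the kind the issue describes (not taken from the page).
const PAYLOAD = 'shoes<iframe src="https://attacker.example/"></iframe>';
// Nested variant that survives a single-pass "remove <iframe" filter.
const NESTED_PAYLOAD = 'shoes<<iframeiframe src="https://attacker.example/"></iframe>';

// Minimal stand-in for a DOM element so this runs under Node without a browser.
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable sink: the query (typically read from location.search or
// location.hash) is concatenated into markup and assigned to innerHTML,
// so any tags it contains are parsed and the iframe is loaded.
function renderVulnerable(el, query) {
  el.innerHTML = '<p>Results for: ' + query + '</p>';
  return el.innerHTML;
}

// Naive "filter HTML tags" attempt: a single-pass blacklist of one tag name.
// Included only to show that such filtering is bypassable and not a fix by itself.
function naiveStripIframe(query) {
  return query.replace(/<iframe/gi, '');
}

// Hardened sink 1: entity-encode the untrusted value before it enters an
// HTML string, so the browser renders the characters instead of parsing them.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderEscaped(el, query) {
  el.innerHTML = '<p>Results for: ' + escapeHtml(query) + '</p>';
  return el.innerHTML;
}

// Hardened sink 2: do not build HTML at all; assign the query via textContent.
// In a real browser this never invokes the HTML parser on the query.
function renderTextContent(el, query) {
  el.textContent = 'Results for: ' + query;
  return el;
}

// Defence in depth: a CSP (assumed value) that forbids framing other origins
// and inline script. If a sink is missed, frame-src 'none' blocks the iframe load.
const CSP_HEADER_VALUE =
  "default-src 'self'; script-src 'self'; frame-src 'none'; object-src 'none'; base-uri 'self'";

// Checks whether markup still contains a live iframe start tag.
function containsIframeTag(markup) {
  return /<iframe\b/i.test(markup);
}

// Exercise each path with the constructed payloads and report whether the
// iframe tag reached the HTML parser.
function demo() {
  return {
    vulnerable: containsIframeTag(renderVulnerable(fakeElement(), PAYLOAD)),
    naiveFilterBypassed: containsIframeTag(
      renderVulnerable(fakeElement(), naiveStripIframe(NESTED_PAYLOAD))
    ),
    escaped: containsIframeTag(renderEscaped(fakeElement(), PAYLOAD)),
    escapedNested: containsIframeTag(renderEscaped(fakeElement(), NESTED_PAYLOAD)),
    // textContent path builds no markup at all, so innerHTML stays untouched.
    textContentBuiltMarkup: renderTextContent(fakeElement(), PAYLOAD).innerHTML !== '',
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
  console.log('Content-Security-Policy: ' + CSP_HEADER_VALUE);
}
```

When deploying the CSP, send it as a response header from the server for the search page rather than a meta tag, and check the browser console for violation reports before tightening `script-src` further if the page relies on inline handlers.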