Version: Tested on:
- 6.0.0
- 6.0.2
- 6.0.3
Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es
Description:
Input passed to the search query in the Xml Content Demo search engine isn't properly sanitised. This can be
exploited to conduct cross-site scripting attacks.
Example:
Original advisory:
http://www.eazel.es/media/advisory002-OpenCms-Xml-Content-Demo-search-engine-Cross-site-scripting.html