Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12981
HistoryJun 05, 2006 - 12:00 a.m.

Timberland Search XSS Vulnerability

2006-06-0500:00:00
vulners.com
9

There's a vulnerability in Timberland's search engine.

The variable 'keywords' in searchHandler/index.jsp is not correctly sanitized.

URL:
hxxp://www.timberland.com/searchHandler/index.jsp?keywords=[XSS Code]

Example:
hxxp://www.timberland.com/searchHandler/index.jsp?keywords=<script>alert('test');</script>

Author: O.G.