I stumbled upon at least 3 HTML injection possibilities while making a search in Transvision.
If you open this link, you'll get 3 alerts. The injected value is included at least in the top menu, the search input and the sentence giving the equivalent request if made on the API.
At first, I believed the impact was very low since there is no administration panel or user accounts for this website: the vulnerability could only be used to create phishing pages on your subdomain or as an open redirect (see the OWASP articles for both).
But it appears that the website is hosted on a .mozfr.org subdomain, so this vulnerability can be used to steal cookies from other subdomains, like the wiki or the forums, and ultimately impersonate administrators.
I don't think that strip_tags is useful here, since it would break the search (inability to search strings with tags inside). Maybe you already have a way to handle it, since it's already correctly escaped somewhere else in the page?
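The following is an added example, not Transvision's own code, illustrating the point above: a reflected search term must be output-encoded for its HTML context, not passed through strip_tags, because encoding keeps the term searchable while stripping mutilates it. The parameter name recherche, the helper names and the API base URL are assumptions made for the illustration.

```php
<?php
// Added example (not Transvision's own code): reflecting a search term safely.
// Assumed: the search term arrives as $_GET['recherche'] and is echoed in three
// places (menu link, input value, API-equivalent sentence); these names and the
// API base URL are hypothetical.

// Vulnerable pattern: raw reflection into HTML. A term such as
// "><script>alert(1)</script> closes the attribute and runs as script.
function render_search_vulnerable(string $term): string {
    return '<input type="text" name="recherche" value="' . $term . '">';
}

// Fix: contextual output encoding. htmlspecialchars with ENT_QUOTES escapes
// <, >, &, " and ', so the browser renders the term as text whether it sits
// in element content or inside a double- or single-quoted attribute value.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_search_safe(string $term, string $api_base): string {
    // Link target: URL-encode for the query string, HTML-encode the visible text.
    $menu  = '<a href="/?recherche=' . rawurlencode($term) . '">' . h($term) . '</a>';
    $input = '<input type="text" name="recherche" value="' . h($term) . '">';
    // The unmodified term still goes to the search back end, so searching for
    // a string that contains tags keeps working; only the rendering changes.
    $api   = '<p>Equivalent API request: '
           . h($api_base . '?q=' . rawurlencode($term)) . '</p>';
    return $menu . "\n" . $input . "\n" . $api;
}

// Why strip_tags is the wrong tool: it silently changes what the user searched for.
$term = 'Click <b>here</b> to continue';
var_dump(strip_tags($term) === 'Click here to continue');              // true: term altered
var_dump(h($term) === 'Click &lt;b&gt;here&lt;/b&gt; to continue');    // true: term intact, shown as text

$payload = '"><script>alert(1)</script>';
echo render_search_vulnerable($payload), "\n"; // attribute broken out of, script executes
echo render_search_safe($payload, 'https://transvision.example/api'), "\n"; // rendered inert
```

Because every occurrence must be encoded for its own context (attribute value, element text, URL query), the practical check is to grep the templates for each place the search term is echoed and confirm that each one passes through the encoder; a single missed sink is enough for the cookie-theft scenario described above, since cookies scoped to the parent domain are sent to every subdomain.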