>> SearchFeed Search Engine Script "REQ" Cross Site Scripting Issue
Title : SearchFeed Search Engine Script "REQ" Cross Site Scripting Issue VUPEN ID : VUPEN/ADV-2005-2609 CVE ID : CVE-2005-3866
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-11-28
Technical Description
A vulnerability has been identified in SearchFeed Search Engine Script, which may be exploited by attackers to inject malicious HTML code. This flaw is due to an input validation error in the search module when processing a specially crafted "REQ" parameter, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
