, XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Resolved

Resolved: Search Query XSS in 
Reported a while back and fixed more recently.

Does your Site have a Search Box? Test for XSS.
Does your Site use Omniture Tracking Code? Test for XSS.

Once upon a time, had Search Form XSS in the q Param due to the “old and vulnerable Omniture Code” that allowed Injection to any Site containing the Omniture Tracking Code.

The Search Query was contained in the Application Response from the Omniture JavaScript Code.

Example Response: “eventxxxx”
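The pattern described above, as an added example that is not code from the original post or from Omniture: a search term concatenated into an inline tracking script, the same output with JavaScript-string encoding, and a regression check that the emitted literal still decodes to the submitted query. The variable names `s.prop1`, `s.events` and `event1` and all helper functions are assumptions, since the post does not show the affected markup.

```javascript
// Added example. Assumed names: s.prop1 / s.events / event1 stand in for the
// tracking variables; the render* helpers are hypothetical server-side code.

// Vulnerable shape: the q value is concatenated into an inline script string.
function renderTrackingUnsafe(q) {
  return '<script>s.prop1="' + q + '";s.events="event1";</script>';
}

// Encode for a JavaScript string inside an HTML <script> element: everything
// except ASCII letters, digits and space becomes \uXXXX, so the value cannot
// close the string literal, start a new statement or end the script element.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderTrackingSafe(q) {
  return '<script>s.prop1="' + jsStringEscape(q) + '";s.events="event1";</script>';
}

// Regression check: the response must be exactly one string literal (no raw
// quote, newline or "<" inside it) that decodes back to the submitted query.
function literalIsIntact(html, q) {
  const m = /^<script>s\.prop1=("(?:[^"\\\n<]|\\.)*");s\.events="event1";<\/script>$/
    .exec(html);
  if (m === null) return false;
  try { return JSON.parse(m[1]) === q; } catch (e) { return false; }
}

// Constructed sample queries: a normal search, a string-literal breakout,
// a script-element breakout, and backslash/newline/non-ASCII input.
const SAMPLES = [
  'red shoes',
  'x";window.injected=1;//',
  '</script><b>',
  'a\\b\nc caf\u00e9',
];

function audit(render) {
  return SAMPLES.map((q) => literalIsIntact(render(q), q));
}

console.log('unsafe:', audit(renderTrackingUnsafe));
console.log('safe:  ', audit(renderTrackingSafe));
```

The same check can run in a test suite against every template that echoes the search term into script context.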

Javascript Injection in Search Form in