U.S. Dept Of Defense: [█████] — DOM-based XSS on endpoint `/?s=`

ID H1:708592
Type hackerone
Reporter usamasood
Modified 2019-12-02T20:02:45



The GET parameter `s` is vulnerable to DOM-based XSS on the endpoint `/?s=`. The XSS affects all users, and no authentication or login is required.

Proof of Concept

Visit the following URL for PoC:




This DOM-based XSS vulnerability is due to a lack of sanitization of the input fetched from the search input field.

Responsible JS file for this issue is: https://██████/wp-content/themes/iase/js/search.js

On line 12, `var $search = ...` takes the value of the Search field, but the single quote is not sanitized, which leads to this XSS vulnerability when that value is appended to the page.
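The pattern described above, as an added illustration that is not the theme's `search.js` (whose contents are not reproduced here): a value read from `?s=` is concatenated into a single-quoted attribute without escaping, so a quote in the input ends the attribute, beside the escaped form and the DOM-API alternative. The function names and the markup shape are assumptions for this example.

```javascript
// Added example (not the theme's search.js). Assumed shape: the search term
// lands inside value='...' of an <input> built by string concatenation.

function getSearchParam(url) {
  // Read ?s= the way a page script would; URL is the built-in WHATWG parser,
  // and searchParams.get() returns the percent-decoded value.
  return new URL(url).searchParams.get('s') || '';
}

// HTML-escape the five characters that can change markup context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the raw term is concatenated into a single-quoted
// attribute, so a single quote in the term closes the attribute early.
function buildSearchMarkupUnsafe(term) {
  return "<input class='search-field' value='" + term + "'>";
}

// Hardened pattern: escape before concatenation so the term can neither close
// the attribute nor open a tag, whatever characters it contains.
function buildSearchMarkupSafe(term) {
  return "<input class='search-field' value='" + escapeHtml(term) + "'>";
}

// Preferred in real DOM code: do not build HTML from strings at all. Assigning
// through the DOM API stores the text verbatim without parsing it as markup.
function setSearchValue(inputEl, term) {
  inputEl.value = term;
  return inputEl.value;
}

// Check used in review/tests: the unsafe markup should contain exactly the four
// delimiting quotes (two per attribute); any extra quote means the term broke
// out of the attribute context.
function breaksOutOfAttribute(term) {
  const quotes = (buildSearchMarkupUnsafe(term).match(/'/g) || []).length;
  return quotes !== 4;
}
```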



An attacker could take over the account of an authenticated user by stealing any anti-CSRF tokens and using them to carry out the takeover.