OpenCms version 6.0.x Xml Content Demo search engine cross-site scripting
Version:
Tested on:
- 6.0.0
- 6.0.2
- 6.0.3

Discovered by: jaime.blascoateazeldot.es
http://www.eazel.es

Description:
Input passed to the search query in the Xml Content Demo search engine isn't properly sanitised. This can be exploited to conduct cross-site scripting attacks.

Example:...