Fluid Dynamics Search Engine 2.0 Cross Site Scripting Vulnerability

2014-07-01T00:00:00
ID SSV:75434
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/5199/info

Fluid Dynamics Search Engine is a search application for local and remote web sites, and is designed to work in most UNIX and Microsoft Windows environments. Fluid Dynamics Search Engine and is maintained by Zoltan Milosevic.

It is possible for attackers to construct a URL that will cause scripting code to be embedded in a search results page. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site.

http://www.xav.com/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&Rank=<br><h1>XSS</h1>