Reflected XSS In Main Search, WAF+Sanitizer Bypass Using 2 Reflections | by Renwa | Feb, 2025 | Medium
A reflected XSS vulnerability was discovered in the main site search, bypassing a WAF and HTML sanitizer using two reflections of the input. The exploit involves injecting an with an onload event and manipulating the window.name attribute to execute JavaScript code.</p> </div> <div class="about"> <div class="about__devider">*****</div> <div class="about__text"> Written on <a href="https://threatintel.cc/2025/02/12/reflected-xss-in-main-search.html" class="u-url"><strong><time class="dt-published" datetime="2025-02-12 21:52:12 -0500">12 February 2025</time></strong></a> </div> </div> </div> <script type="text/javascript" src="https://micro.blog/conversation.js?url=https%3a%2f%2fthreatintel.cc%2f2025%2f02%2f12%2freflected-xss-in-main-search.html"></script> </div> <script src="/assets/vendor/highlight/highlight.pack.js"></script> <script>hljs.initHighlightingOnLoad();</script> </body> </html>