Edward Kiledjian's Threat Intel

12 Feb, 2025

Reflected XSS In Main Search, WAF+Sanitizer Bypass Using 2 Reflections | by Renwa | Feb, 2025 | Medium

A reflected XSS vulnerability was discovered in the main site search, bypassing a WAF and HTML sanitizer using two reflections of the input. The exploit involves injecting an with an onload event and manipulating the window.name attribute to execute JavaScript code.</p> </div> <script type="text/javascript" src="https://micro.blog/conversation.js?url=https%3a%2f%2fthreatintel.cc%2f2025%2f02%2f12%2freflected-xss-in-main-search.html"></script> <p> </p> </div> </main> <footer><div class="made-with"><a href="https://bearblog.dev">ʕ•ᴥ•ʔ Bear</a> </div> </footer> <script src="/js/external-links.min.js?1753195536"></script> </body> </html>