BUG: XSS vulnerability

<hidden> anonymous
Created: 3 years and 12 days ago • Updated: 3 years and 12 days ago
It has a XSS vulnerability when I type for "<script>...</script>" and "site:" with any information appended.

For example:
<script>alert("DUCK");</script> site:www

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


tagawa
Well spotted. I've reported it here: https://duck.co/feedback/bug/-
posted by tagawa Staff3 years and 11 days ago Link
tagawa
Update: Looks like this has been fixed now.
posted by tagawa Staff3 years and 11 days ago Link
anonymous
Thanks for reporting in the right way!
posted by <hidden> • 3 years and 11 days ago Link
zac
This is fixed! Thanks for reporting and thanks for @tagawa for doing so as well.
posted by zac Staff3 years and 11 days ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 3 years and 10 days ago