BUG: XSS vulnerability

<hidden> anonymous
Created: 3 years and 3 months ago • Updated: 3 years and 3 months ago
It has a XSS vulnerability when I type for "<script>...</script>" and "site:" with any information appended.

For example:
<script>alert("DUCK");</script> site:www

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


tagawa
Well spotted. I've reported it here: https://duck.co/feedback/bug/-
posted by tagawa Staff3 years and 3 months ago Link
tagawa
Update: Looks like this has been fixed now.
posted by tagawa Staff3 years and 3 months ago Link
anonymous
Thanks for reporting in the right way!
posted by <hidden> • 3 years and 3 months ago Link
zac
This is fixed! Thanks for reporting and thanks for @tagawa for doing so as well.
posted by zac Staff3 years and 3 months ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 3 years and 3 months ago