• Resolved alsoisp

    (@alsoisp)


    Today OpenBugBounty wrote us a mail saying that we have a css vulnerability problem with the search field of Spider-Faq.

    One resolution is to filter some characters in the search field. Can anyone tell me where the search field is located and where we should enter the filter for those characters?

    Best regards

    Stephan

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi,

    Could you please share with us more details about the CSS vulnerability (you can share a screenshot of the issue)?

    Maybe I have not understood correctly: is it a security vulnerability rather than a CSS vulnerability?

    Thanks. Have a nice day.

    Thread Starter alsoisp

    (@alsoisp)

    Hello,
    here is the original message:
    Dear Sir/Madam,
    I would like to report an XSS vulnerability that I have found on the alsoisp.de website. The discovered vulnerability occurs because of incorrectly validated user input in the search function.
    The vulnerability has been tested with the latest version of Firefox on Linux (Firefox 58.0.2 64-bit).
    Reproduction
    Go to: https://alsoisp.de/buchhaltung/
    Enter the following XSS payload as search query:
    “–!>
    The JavaScript dialog will pop up:
    When we look at the source code we can see the JavaScript that was executed by the browser:
    Mitigation
    My recommendation would be to filter the search input for special characters used in HTML and JavaScript.
    I hope that my findings and report can contribute to a better and more secure website of the alsoisp organization.
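    The pattern the report describes (the search term reflected into the search form without escaping) beside the fix in the form WordPress plugins normally use, as an added example that is not the Spider FAQ plugin's own code: the function names, the `search_value` parameter and the form markup are hypothetical; `esc_attr()`, `sanitize_text_field()` and `wp_unslash()` are real WordPress functions. Filtering characters on input, as the report suggests, is only a second layer; the step that actually stops the injection is escaping the value for its output context (here an HTML attribute) at the point where it is printed.

    ```php
    <?php
    // Added example, not code from the Spider FAQ plugin. Function names, the
    // request parameter name and the markup are hypothetical; esc_attr(),
    // sanitize_text_field() and wp_unslash() are real WordPress functions.

    // Vulnerable pattern: the submitted search term is concatenated into the
    // value attribute unchanged. A query such as
    //     "><script>alert(1)</script>
    // closes the attribute and the <input> tag, so the script runs in the
    // browser of whoever loads the URL (reflected XSS).
    function spider_faq_search_form_vulnerable( $search ) {
        return '<form method="get">'
            . '<input type="text" name="search_value" value="' . $search . '">'
            . '<input type="submit" value="Search">'
            . '</form>';
    }

    // Hardened form: the term is escaped for the HTML attribute context at the
    // point of output. esc_attr() turns ", ', <, > and & into entities, so the
    // same payload is rendered as literal text inside the attribute and the
    // markup structure cannot be changed by the input.
    function spider_faq_search_form_fixed( $search ) {
        return '<form method="get">'
            . '<input type="text" name="search_value" value="' . esc_attr( $search ) . '">'
            . '<input type="submit" value="Search">'
            . '</form>';
    }

    // Reading the parameter: wp_unslash() removes the slashes WordPress adds to
    // request data, sanitize_text_field() strips tags, octets and control
    // characters. This is defence in depth on input; it does not replace the
    // escape at output above, because the same value may later be printed in
    // a different context (text node, JavaScript, URL) needing a different
    // escape function (esc_html(), esc_js(), esc_url()).
    function spider_faq_get_search_term() {
        if ( ! isset( $_GET['search_value'] ) ) {
            return '';
        }
        return sanitize_text_field( wp_unslash( $_GET['search_value'] ) );
    }

    // Render the form with the escaped value. The raw $_GET value must never
    // reach the output path without passing through the escape function.
    function spider_faq_render_search_form() {
        echo spider_faq_search_form_fixed( spider_faq_get_search_term() );
    }
    ```

    To verify a fix of this kind, submit a marker such as `"><img src=x onerror=alert(1)>` and inspect the response source: in the fixed version it must appear inside the attribute as `&quot;&gt;&lt;img ...`, never as a new tag. Check every place the plugin echoes the term, not only the search box, since a results heading ("Results for: ...") is a text-node context and needs `esc_html()` rather than `esc_attr()`.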

    Thread Starter alsoisp

    (@alsoisp)

    Enter the following XSS payload as search query:

    // . “–!> //

    I hope we see the query here in your ticket system. In the post before, the query was interpreted.

    Thread Starter alsoisp

    (@alsoisp)

    I can’t send you the query here; please give me an email address to send it to.

    WD Support

    (@wdsupport)

    Hi,

    Please contact our support team using the following email address: [email protected]

    Please, mention the URL of this forum topic in your message. We will provide a solution as soon as possible and share it here as well.

    Thanks. Have a nice day.

    WD Support

    (@wdsupport)

    Hi,

    Please, be informed that the security issue has been fixed and the plugin has been updated.

    Thanks. Have a nice day.

  • The topic ‘css vulnerability’ is closed to new replies.