2020-11-23

Yioop XSS vulnerability.

Hello,
it seems that Yioop is vulnerable to XSS attacks. Neither Quotes nor the < Symbol are escaped decently...
Please check yourself: https://www.seekquarry.com/?its=0&q=php+%22test%22 The quotes are not shown in the search field again, as they are not written as &quot; and https://www.seekquarry.com/?its=0&q=php+%3C even messes up the output of the search results.
Is there a fix available (also for Version 6)?
Kind regards, Harald
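The two URLs in the report point at the same root cause: the value of the q parameter is written back into the page (the search box and the results area) without HTML encoding, so a double quote can close the value="..." attribute and a < can open a tag. The following is an added PHP illustration of that pattern and its standard remedy; it is not Yioop's code and not the fix Chris later shipped. The parameter name q is taken from the report's URLs; the surrounding form and heading markup, and the function names, are assumptions for the example.

```php
<?php
// Added example (not Yioop's own code). Shows a reflected search query
// rendered unsafely and safely. The parameter name "q" matches the URLs
// in the report; the markup below is an assumption.

// Unsafe: the raw query is concatenated into a value="..." attribute and a
// heading. A double quote ends the attribute, "<" starts a new tag.
function render_search_box_unsafe(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">'
         . "\n<h2>Results for " . $q . "</h2>";
}

// Safe: encode for the HTML context at the point of output.
// ENT_QUOTES escapes both ' and " (so the value attribute cannot be closed),
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently producing an empty string,
// and the explicit charset avoids ambiguity about how bytes are interpreted.
function html_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_box_safe(string $q): string
{
    $e = html_escape($q);
    return '<input type="text" name="q" value="' . $e . '">'
         . "\n<h2>Results for " . $e . "</h2>";
}

// A cheap regression check for a template: after rendering, no raw double
// quote or "<" from the user input may survive inside the attribute value.
function reflects_raw_input(string $html, string $q): bool
{
    return strpos($html, 'value="' . $q . '"') !== false
        && (strpos($q, '"') !== false || strpos($q, '<') !== false);
}

// Constructed inputs mirroring the two URLs in the report:
// q=php+%22test%22 decodes to php "test", q=php+%3C decodes to php <
$samples = ['php "test"', 'php <'];
foreach ($samples as $q) {
    $unsafe = render_search_box_unsafe($q);
    $safe   = render_search_box_safe($q);
    echo "--- unsafe (raw input reflected: ",
         reflects_raw_input($unsafe, $q) ? 'yes' : 'no', ") ---\n", $unsafe, "\n";
    echo "--- safe (raw input reflected: ",
         reflects_raw_input($safe, $q) ? 'yes' : 'no', ") ---\n", $safe, "\n\n";
}
```

Run with `php example.php`: the safe variant emits `value="php &quot;test&quot;"` and `Results for php &lt;`, which is exactly the `&quot;` form the report says was missing. The point of the check function is that escaping has to happen when the value is written into HTML, not when it is read from $_GET, because the same query is also used unescaped for the actual search.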
2020-11-26

-- Yioop XSS vulnerability
You can easily test it here: https://pentest-tools.com/website-vulnerability-scanning/xss-scanner-online# There are several URLs with vulnerabilities found if I check for instance https://www.yioop.com/ I created a wrapper for our website that filters out the requests and results, but I think it would make sense to fix the original code. Kind regards, Harald
2020-12-01

-- Yioop XSS vulnerability
Hey Harald,
Thanks for pointing out this vulnerability. I am wrapping up the semester here, and my laptop where I write my code just died, so I am somewhat slowed down. Given this I should have a fix in maybe two weeks.
Best, Chris
2020-12-07

-- Yioop XSS vulnerability
I have updated both V7 and v6 on Seekquarry with a fix.
Best,
Chris
2020-12-22

-- Yioop XSS vulnerability
Thank you so much!
Take care, Harald