There is a DOM XSS vulnerability in the search feature.
It uses an innerHTML assignment. The innerHTML sink doesn't accept script elements on any modern browser, nor will svg onload events fire.
innerHTML
script
svg onload
We can counter this by using this payload:
Which loads an image from an invalid source and then calls the alert function when an error is triggered
alert
Last updated 9 months ago
<img src=1 onerror=alert('pwned')>
