Title: css vulnerability
Last modified: February 16, 2018

---

# css vulnerability

 *  Resolved [alsoisp](https://wordpress.org/support/users/alsoisp/)
 * (@alsoisp)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/css-vulnerability/)
 * Today OpenBugBounty sent us an email saying that we have a CSS vulnerability
   problem with the search field from Spider-Faq.
 * One resolution is to filter some signs in the search field. Can anyone tell me
   where the search field is located and where we should enter the filter for the
   symbols?
 * Best regards
 * Stephan

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [WD Support](https://wordpress.org/support/users/wdsupport/)
 * (@wdsupport)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/css-vulnerability/#post-9989808)
 * Hi,
 * Could you please share with us more details about the CSS vulnerability (you
   can share a screenshot of the issue)?
 * Maybe I have not understood correctly: is it a Security Vulnerability, not a CSS
   Vulnerability?
 * Thanks. Have a nice day.
 *  Thread Starter [alsoisp](https://wordpress.org/support/users/alsoisp/)
 * (@alsoisp)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/css-vulnerability/#post-9992894)
 * Hello,
 * here is the original message:
 * Dear Sir/Madam, I would like to report an XSS vulnerability that I have found
   on the alsoisp.de website. The discovered vulnerability occurs because of
   incorrectly validated user input in the search function. The vulnerability has
   been tested with the latest version of Firefox on Linux (Firefox 58.0.2 64-bit).
 * Reproduction
 * Go to: [http://alsoisp.de/buchhaltung/](http://alsoisp.de/buchhaltung/)
   Enter the following XSS payload as search query: “–!>
 * The JavaScript dialog will pop up:
 * When we look at the source code we can see the JavaScript that was executed
   by the browser:
 * Mitigation
 * My recommendation would be to filter the search input for special characters
   used in HTML and JavaScript. I hope that my findings and report can contribute
   to a better and more secure website of the alsoisp organization.
 *  Thread Starter [alsoisp](https://wordpress.org/support/users/alsoisp/)
 * (@alsoisp)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/css-vulnerability/#post-9992898)
 * Enter the following XSS payload as search query:
 * // . “–!> //
 * I hope we see the query here in your ticket system. In the post before, the query
   was interpreted.
 *  Thread Starter [alsoisp](https://wordpress.org/support/users/alsoisp/)
 * (@alsoisp)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/css-vulnerability/#post-9992901)
 * I can’t send you the query here, please give me an email address to send it to.
 *  [WD Support](https://wordpress.org/support/users/wdsupport/)
 * (@wdsupport)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/css-vulnerability/#post-9998551)
 * Hi,
 * Please contact our support team using the following email address: [support@web-dorado.com](mailto:support@web-dorado.com)
 * Please mention the URL of this forum topic in your message. We will provide
   a solution as soon as possible and share it here as well.
 * Thanks. Have a nice day.
 *  [WD Support](https://wordpress.org/support/users/wdsupport/)
 * (@wdsupport)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/css-vulnerability/#post-10007369)
 * Hi,
 * Please be informed that the security issue has been fixed and the plugin has
   been updated.
 * Thanks. Have a nice day.


The topic ‘css vulnerability’ is closed to new replies.
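
The mitigation recommended in the report quoted in this thread, shown as an added example: a search query reflected into a page unescaped, next to a version that escapes it at output. This is not Spider FAQ's code and not the fix the vendor shipped; the function names, the `faq_search` field name and the sample input are hypothetical.

```php
<?php
// Added illustration only. Hypothetical search-form renderer, not the plugin's code.

/** "Before": the raw query is echoed into an attribute value and into body text. */
function render_search_unsafe(string $query): string
{
    return '<input type="text" name="faq_search" value="' . $query . '">'
         . '<p>Results for: ' . $query . '</p>';
}

/** "After": normalise the input, then escape it for the HTML context it lands in. */
function render_search_safe(string $query): string
{
    // Input handling: drop control characters, trim, cap the length.
    // preg_replace() returns null on invalid UTF-8, so fall back to an empty string.
    $query = preg_replace('/[\x00-\x1F\x7F]/u', '', $query) ?? '';
    $query = mb_substr(trim($query), 0, 100, 'UTF-8');

    // Output handling: encode & < > " ' so the browser treats the query as text.
    // Inside WordPress, esc_attr() and esc_html() do this job for the two contexts.
    $escaped = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<input type="text" name="faq_search" value="' . $escaped . '">'
         . '<p>Results for: ' . $escaped . '</p>';
}

// Constructed sample input: a quote and angle brackets, enough to show that the
// unescaped version lets the query close the attribute and add its own markup.
$sample = '"--><b>injected</b>';

echo render_search_unsafe($sample), "\n";
// value=""--><b>injected</b>">   (attribute closed early, <b> parsed as markup)

echo render_search_safe($sample), "\n";
// value="&quot;--&gt;&lt;b&gt;injected&lt;/b&gt;">   (rendered as literal text)
```

Escaping where the value is written out is what stops the browser from interpreting it; stripping characters on input alone tends to miss contexts and also breaks legitimate searches that contain quotes or ampersands.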
