The page is echoing back raw HTML to the browser. This makes the page vulnerable to a number of attack vectors like XSS script attacks.
For evidence, log in to the website, then click this link:
https://www.auran.com/planetauran/S...2><font color='red'>Awesome.<font></h2></div>
I should not have been able to deliver a message like that to a user. Please make changes to the web site to ensure that raw HTML code is never presented to the user from a vector that you do not have control over, like the query string.
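The change requested above, as an added example that is not part of the original post or the site's own code: a page that echoes a query-string value raw, beside the same page with the value HTML-encoded on output. The parameter name `msg`, the `example.test` link and the page template are hypothetical.

```python
# Added example: hypothetical page that echoes a query-string value.
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Hypothetical template; {notice} is where the query-string value lands.
PAGE = "<html><body><div id='notice'>{notice}</div></body></html>"

# Constructed sample link carrying harmless markup, URL-encoded.
SAMPLE_URL = ("https://example.test/status?msg="
              "%3Ch2%3E%3Cfont%20color%3D%27red%27%3EAwesome.%3C%2Ffont%3E%3C%2Fh2%3E")


def get_param(url, name):
    """Return the first URL-decoded value of a query parameter, or ''."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [])
    return values[0] if values else ""


def render_vulnerable(url):
    """Echo the value as raw HTML: markup from the link becomes page markup."""
    return PAGE.format(notice=get_param(url, "msg"))


def render_escaped(url):
    """Encode the value for an HTML context before writing it to the page."""
    return PAGE.format(notice=html.escape(get_param(url, "msg"), quote=True))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(page):
    """List the elements an HTML parser sees in the page (regression check)."""
    collector = _TagCollector()
    collector.feed(page)
    return collector.tags


if __name__ == "__main__":
    print("raw echo:", start_tags(render_vulnerable(SAMPLE_URL)))
    print("escaped :", start_tags(render_escaped(SAMPLE_URL)))
```

`start_tags` can be used in a regression test: any element in the response beyond the template's own means the value reached the page unencoded.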