The provided text describes a cross-site scripting (XSS) vulnerability in CMScout, where insufficient sanitization of user-supplied input in the 'search' field allows arbitrary script execution. The example payload demonstrates a simple HTML injection, though no functional exploit code is included.
Classification
Writeup 90%
Target:
CMScout (version unspecified)
No auth needed
Prerequisites:
User interaction required to input malicious payload into the 'search' field