1. 3

  2. 1

    If they are vulnerable to plain, basic, well-known XSS like this, I wonder what they are using to render the web pages? Because every modern language/framework covers this by default.

    Is this PHP and they are ignoring the security practices? CGI? Nothing else even comes to my mind.

    1. 2

      Note that this was found and fixed a number of years ago.

      1. 1

        Every team has their own bit IIRC.

        Of course, that means that if any one team messes up, the whole thing is vulnerable.