How to check your search box for XSS exploit vunerability

Cross-site scripting (XSS) is a type of website vulnerability which allows code to be injection by malicious web users into the web pages viewed by other users.

According to Google:

Cross-site scripting (aka XSS) is the term used to describe a class of security vulnerabilities in web applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of the victim's web session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data is not appropriately sanitized.

Webmasters should always play it safe and check for XSS holes on their site, especially when using freeform text input, which are commonly used as search boxes. Even big sites can have these issues with XSS and escaping user input.

If you noticed your Google rankings dropping, you might consider doing a few searches on your site using Google to see if anyone has injected spammy or adult content on your site.

For example, if your website is example.com.au, run a few search queries such as:

• [site:example.com.au porn]
• [site:example.com.au viagra]

Read more