Softpedia: XSS Vulnerability Found in WikiLeaks’ Internal Search Engine
Earlier this week, WikiLeaks added an internal search engine to its website to allow users to find documents based on certain keywords. Almost immediately, security researchers noticed that the input wasn’t properly sanitized.
Security expert Mazin Ahmed has published a video on YouTube to demonstrate the existence of the cross-site scripting (XSS) vulnerability. He reported it to WikiLeaks, which addressed the flaw within hours.