Reflected XSS into HTML context with nothing encoded

Description

The website in this lab contains a simple reflected cross-site scripting vulnerability in the search functionality.

Reproduction and proof of concept

  1. Copy and paste into the search box:

<script>alert(1)</script>


  2. Click “Search”.

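Why the search box behaves this way, and what the fix looks like, shown as an added example that is not the lab's own code: a search-results renderer that reflects the term with nothing encoded, next to a version that HTML-encodes it, plus a small regression check. The function names and the results-page template are assumptions.

```javascript
// Constructed example: the template string and all names are assumptions,
// not taken from the lab application.

// Vulnerable pattern: the search term is concatenated into the HTML
// response with nothing encoded, so any markup in it is parsed by the browser.
function renderResultsUnsafe(term) {
  return `<h1>0 search results for '${term}'</h1>`;
}

// Characters that are significant in HTML text and quoted-attribute contexts.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Output encoding for the HTML context. String() coerces non-string input
// (for example an array-valued query parameter) before encoding.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: same template, but the reflected value is encoded
// at the point where it is written into the page.
function renderResultsSafe(term) {
  return `<h1>0 search results for '${escapeHtml(term)}'</h1>`;
}

// Regression check: does a reflected value add tag delimiters beyond the
// ones the template itself contains?
function introducesMarkup(render, probe) {
  const baseline = render("").split("<").length;
  return render(probe).split("<").length > baseline;
}

// The string pasted into the search box in step 1.
const PROBE = "<script>alert(1)</script>";

console.log("unsafe:", renderResultsUnsafe(PROBE));
console.log("safe:  ", renderResultsSafe(PROBE));
console.log("unsafe introduces markup:", introducesMarkup(renderResultsUnsafe, PROBE));
console.log("safe introduces markup:  ", introducesMarkup(renderResultsSafe, PROBE));
```

This encoding is only correct for the HTML body and quoted-attribute contexts; values written into script blocks, URLs or CSS need context-specific encoding.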