Sanitization of $queryString
1. Vulnerability:
In LaguController.php, convert special characters to HTML entities to prevent potential XSS attacks if the value would be included in HTML output.
2. Exploit:
A user navigates to a URL like
http://yourwebsite.com/?q=<script>alert('XSS Attack');</script>.
3. Fix:
This issue was fixed with this commit: 55ab7ec3
Edited by Lukáš Radovanský
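
The following is an added example, not code from the project or from commit 55ab7ec3: it shows a raw `$queryString` written into HTML next to the same output encoded with `htmlspecialchars`. The function names (`renderSearchUnsafe`, `renderSearchSafe`, `escapeHtml`) and the markup are assumptions, since the contents of LaguController.php are not shown in the issue.

```php
<?php
declare(strict_types=1);

// Hypothetical rendering helpers: the real LaguController.php is not shown
// in the issue, so the markup and function names here are assumptions.

// Before: the raw value of ?q= is concatenated straight into the page.
function renderSearchUnsafe(string $queryString): string
{
    return '<p>Results for: ' . $queryString . '</p>'
         . '<input type="text" name="q" value="' . $queryString . '">';
}

// Encode for HTML text and quoted-attribute contexts.
// ENT_QUOTES covers both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// with U+FFFD instead of returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: the same markup, with the value encoded at the point of output.
function renderSearchSafe(string $queryString): string
{
    $safe = escapeHtml($queryString);
    return '<p>Results for: ' . $safe . '</p>'
         . '<input type="text" name="q" value="' . $safe . '">';
}

// Constructed sample inputs: the value from the issue's URL, and a benign
// search whose quotes and ampersand would otherwise corrupt the attribute.
$samples = [
    "<script>alert('XSS Attack');</script>",
    'Guns N\' Roses & "Friends"',
];

foreach ($samples as $q) {
    $unsafe = renderSearchUnsafe($q);
    $safe   = renderSearchSafe($q);
    // The encoded value must contain no raw markup or quote characters.
    if (strpbrk(escapeHtml($q), '<>"\'') !== false) {
        throw new RuntimeException('escaping failed for: ' . $q);
    }
    echo "input : $q\nunsafe: $unsafe\nsafe  : $safe\n\n";
}
```

This encoding is correct for HTML text and quoted attribute values only; a value placed inside a `<script>` block, a URL, or an unquoted attribute needs encoding for that context instead.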