Vulnerability in EPiServer.Forms
We have recently started noticing additional URL parameters being added to internal search pages;
e.g. a user can visit /search/?search=querystring
The user will be displayed a list of results as normal, but in addition to the desired page e.g. /news/mynewspage/
Will be appended to the URL in the HTML...
Does anyone have an idea on how to remove this? I believe it's something with hit tracking from search?
"Track() ensures that the required tracking information is added to the URLs of the search hits."
So try removing that extension method .Track() when querying Find to disable.