xss issue was missed.

Created by: bgerardw

I was looking at a site that and alternative scanner had found an xss issue on. It was not a false positive.

Arachni, however, missed it.

The vulnerability is on a pair of select boxes. On selecting one of them a call is made on the server and this call is vulnerable. the injection vector is

Could it be that Arachni does not check select boxes for some reason? They are not inside form tags.