XSS scripting for Search textbox

Nov 14, 2014 at 6:54 AM
I have a textbox which is used for searching the data within the site. What my client wants is this:

1) Enter any text in the search field and click the search symbol.
2) The request goes to the server through a web proxy tool like "Burp".
3) Append the parameter with the script present as "test<~script>confirm(123)<~/script>".

What happens here is:

The XSS script entered by the adversary gets reflected in the response without any input. Please see the image below to get an idea:

http://www.imagesup.net/?di=414158635584

Guys, let me know if you need any more information related to it. Please help, guys. Any help would be appreciated. I want to stop the attack from the server side.
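A server-side fix for the reflection described above is to encode the search term for each place it is written into the response. The following is an added example, not part of the original post; the stack is not stated in the question, so Python is used here, and the `/search` route, the `q` parameter, the header set and all function names are assumptions.

```python
import html
from urllib.parse import quote

# Assumed response headers: the CSP stops inline script from running
# if an encoder is ever missed somewhere else in the application.
SECURITY_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
}

def encode_html(value):
    """Encode for HTML text and for quoted attribute values (& < > " ')."""
    return html.escape(value, quote=True)

def encode_url_param(value):
    """Percent-encode a value that is placed inside a query string."""
    return quote(value, safe="")

def render_search_page(term, max_len=100):
    """Reflect the search term in three contexts, each with its own encoding.

    Returns (headers, body). The term is stored and searched as typed;
    encoding happens only at the point of output.
    """
    term = term[:max_len]  # length bound only, not a substitute for encoding
    safe = encode_html(term)
    # URL context first (percent-encoding), then attribute context (HTML encoding).
    next_href = encode_html("/search?q=" + encode_url_param(term) + "&page=2")
    body = (
        "<!doctype html><html><body>"
        f'<form action="/search"><input name="q" value="{safe}"></form>'
        f"<p>Results for: {safe}</p>"
        f'<a href="{next_href}">Next page</a>'
        "</body></html>"
    )
    return SECURITY_HEADERS, body

if __name__ == "__main__":
    # Constructed input: the test string from the post, written without the tildes.
    headers, page = render_search_page("test<script>confirm(123)</script>")
    print(page)
```

With this in place the string appended through the proxy comes back as inert text (`&lt;script&gt;...`) instead of markup, whether the request was sent from the browser or modified in transit.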