Questions tagged [xss]

Cross-Site Scripting: An attack method that involves injection of code or markup into a webpage. There are three major types of XSS: Reflected XSS, Stored XSS (aka persistent XSS) and DOM-based XSS (aka client side XSS).

9 votes, 3 answers, 3k views

Is it acceptable to ignore potential XSS payloads if they are not executed on our side?

I'm responsible for a web application where users can upload a file containing data in a specific syntax, which then automatically fills out a form instead of requiring manual input. The issue is that ...
IT Sec

2 votes, 1 answer, 106 views

XSS CTF - How to execute payload inside an HTML comment (blacklisted words & encoded characters)

I'm trying to solve a CTF challenge that requires me to obtain the admin cookie through XSS. Here's the situation: -Main form: When I enter any input, it gets reflected in the page, but it is inserted ...
drmr

1 vote, 0 answers, 43 views

XSS working in browser but not through script

I'm working on a CTF where to obtain the flag I need to trigger the admin user of a Flask app to reveal it. The way this has to be done is through a CSRF + XSS chain attack, as the validation script ...
Zanna

2 votes, 1 answer, 78 views

Jinja2: safe from XSS/SSTI if using select_autoescape and context dictionary?

In a FlaskRestX API for an e-commerce site, I use jinja2 to generate an HTML template (to create a PDF purchase receipt). After reading the docs, and asking various AI models, I am still not convinced ...
Nils Deschrijver

1 vote, 0 answers, 61 views

Web Server Generic Cookie Injection

After running a Nessus scan, one of its plugins checks for cookie injection called "Web Server Generic Cookie Injection" (https://www.tenable.com/plugins/nessus/44135) The scan shows that ...
anonymous

1 vote, 0 answers, 108 views

XSS javascript does not execute (bug bounty)

I am doing a bug bounty and I found an XSS injection point. However, most tags are filtered and I have been getting no results in executing JS. I can do whatever HTML I want, though. Here are some ...
Don Schulz

0 votes, 1 answer, 153 views

How to securely load user generated Javascript code from IFrame into my website?

Before I start, I have found a few related references to this question, but they are not answered previously or are about a slightly different scenario to mine. I have the following need. I need a way ...
Zurf

2 votes, 0 answers, 32 views

Bypassing HTML Encoding for XSS in Search Input [duplicate]

I'm a beginner bug hunter and I'm currently looking for XSS vulnerabilities in a search input where the search result is displayed on the page like this: Search Result - <script>alert(1)</...
mee

0 votes, 0 answers, 91 views

Appending string to a user input can stop xss in jquery selector?

I've found that a user input was passed to jquery selector sink $() This is known to be vulnerable because having something like : $("<img src='/' onerror=alert('xss');>") Will ...
niopiop poiu

4 votes, 1 answer, 382 views

Can URL maskers bypass browser XSS blockers?

I know that basically every modern browser version has a cross-site-scripting blocker for XSSed URLs, as in the type of filter that actually stops a user from visiting the URL, warning them of the ...
security_paranoid

1 vote, 0 answers, 89 views

Is it possible to bypass a html <> regex? [closed]

I need to bypass a regex filter that filters all between <> I tried almost everything, so this is my last chance. The regex looks like this: result.replace(/<[^>]*>?/gm, ''); I need to ...
Johny77

2 votes, 2 answers, 392 views

Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?

So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged,) and it works by injecting payloads in forms and URLs etc., to trigger ...
security_paranoid

4 votes, 0 answers, 76 views

XSS with failing method in the injected DOM within onclick

If I have a DOM XSS such as <button type="button" data-dismiss="modal" onclick="Register.search('{INJECTION_PAYLOAD}');"> Search </button> Where I could ...
joFriedley

1 vote, 0 answers, 91 views

How to launch XSS code from an INPUT tag?

I have a website with the following code: <input class="Header--search--form-input" name="search" value="&quot; onfocus=&quot;alert(1)&quot; autofocus=&quot;...
Уканис Алексей

6 votes, 3 answers, 1k views

What are the next layers of defence against cookie stealing if GET parameter is vulnerable to XSS and there is no HttpOnly flag in a website?

If a GET parameter in a website is vulnerable to XSS and the user input is reflected without any change or escaping or filtering and also HttpOnly is not set for session cookie, is stealing the cookie ...
fed