Questions tagged [xss]
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
4,514 questions
-1 votes, 0 answers, 5 views
(Bug Hunting) Help to exploit an iframe hosted on the target host
I am new to bug hunting. Then I came across a webpage where I can modify the src of an iframe using inspect element of a browser. The test URL that I put in the <iframe src="hxxp://xxx.test.com ...
0 votes, 0 answers, 23 views
How to protect against XSS attacks in Servant Framework?
I have an S2S API which takes in user input and some of that input later gets sent to the frontend. If the user data contains any html like <script> tags, I want to throw a Bad Request 400 ...
0 votes, 1 answer, 38 views
Is <textarea> .value Cross-Site Scripting (XSS) safe?
I am writing a static page for a tool: User pastes in base64 and it gets converted into plaintext. Not like it matters, but because the context is cryptographic, I want to prevent XSS.
I noticed ...
-2 votes, 0 answers, 59 views
Can CSS inject JS/Text/Elements without using url(), expression() or pseudo selectors?
Can I consider a CSS script or inline styling safe from injection if I parse the content and discard all pseudo-selectors any pair of css_property=value; when the value contains any of the keywords ...
-1 votes, 0 answers, 18 views
Ways to allow inline script for script-src CSP header without using nonce/hash/unsafe-inline
Is there any way that allows inline script for script-src CSP header without using nonce/hash/unsafe-inline?
Since our project is huge and there are multiple areas where inline script is present
We ...
1 vote, 1 answer, 30 views
Service Stack - Security XSS Query following pentest
We recently had a penetration test done, and one of the "high" items was the fact that our servicestack API will reflect back user input unmodified to the caller. E.g. I can send some ...
0 votes, 0 answers, 15 views
Reflected XSS Cookie Grabbing for Internal application
I'm able to execute reflected XSS on an internal application which does not have internet access. The developer is asking me to exploit the issue. He also assures that the session id is mapped to IP ...
0 votes, 2 answers, 43 views
Post raw HTML data via AJAX to server with ModSecurity
I have a website that uses jQuery ajax $.post to save html data to a PHP script.
The data for $.post is serialized textarea form data (where the user edits css, javascript & html).
All works well ...
-1 votes, 0 answers, 38 views
Escaping outputs by default? [duplicate]
We are using an MVC arch and using JSP for view. Our codebase is a bit old and not many people focused on using escapeXML or c:out tags in JSPs which is causing a lot of XSS vulnerabilities now. We ...
1 vote, 1 answer, 69 views
How could I escape a value in custom JSP tag handler? [duplicate]
This is one of my fields in one of my JSP files:
<input class="form-input" id="login" type="text" name="login"
<c:choose>
<c:when test="${...
1 vote, 1 answer, 37 views
Why innerHTML injects data into page if it doesn't use append on body?
I encountered this seemingly safe function to extract text content from html
function getText(html) {
  const div = document.createElement('div')
  div.innerHTML = html
  return div.textContent
}
It ...
0 votes, 1 answer, 45 views
Assigning window.open causes a DOMException
I have an iframe embedded in a different domain that opens up a popup window in a different domain. I am trying to establish cross window communication and running into a bunch of XSS security ...
-1 votes, 1 answer, 45 views
dangerouslySetInnerHTML not working with a <script>
I have the following code:
const Show = () => {
  const dangerousMarkup = { __html: "<script>alert('ERROR');</script>" };
  return (
    <div dangerouslySetInnerHTML={...
0 votes, 0 answers, 28 views
If a cookie is vulnerable to XSS (so you can edit the cookie's value to contain script), how can that be exploited in practice?
I was checking out this Portswigger lab:
https://portswigger.net/web-security/essential-skills/using-burp-scanner-during-manual-testing/lab-scanning-non-standard-data-structures
And basically the ...
0 votes, 0 answers, 29 views
Fortify flagging .Net6 API returning File from internal server vulnerable to XSS attack
using (HttpClient client = new HttpClient())
{
    string FindDocumentURL = string.Concat(internal server URL builder);
    response = await client.GetAsync(FindDocumentURL);
    if (response....