Reflected XSS but no Content-Type is specified
I have found a parameter that simply reflects into the response body, but no Content-Type is specified by the server. It doesn’t use any XSS-protection mechanisms like CSP or X-XSS-Protection. However, I was not able to fire the payload in up-to-date Ch…