Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability
The vulnerability was first identified in 2014. Continue reading Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability
I’m a beginner bug hunter and I’m currently looking for XSS vulnerabilities in a search input where the search result is displayed on the page like this:
Search Result – <script>alert(1)</script>
The application allows the us… Continue reading Bypassing HTML Encoding for XSS in Search Input
After running XSStrike on example.com/example?example= (for the parameter example), it is certain (10/10 certainty) that the payload %3Chtml%3E%3Cscript%20onpointerenter%3Dconfirm()%3E%3C%2Fscript%3E is an XSS vulnerability.
URL-decoded, t… Continue reading How can tell where this XSS payload gets triggered?
CISA and the FBI have released an alert on XSS vulnerabilities, urging organizations to adopt a secure by design approach and eliminate them.
The post CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities appeared first on SecurityWeek.
Continue reading CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities
Please share what is the reason behind this.
I’ve found that a user input was passed to jquery selector sink $()
This is known to be vulnerable because having something like:
$("<img src='/' onerror=alert('xss');>")
Will result in an alert in the page
But in this c… Continue reading Appending string to a user input can stop xss in jquery selector?
I know that basically every modern browser version has a cross-site-scripting blocker for XSSed URLs, as in the type of filter that actually stops a user from visiting the URL, warning them of the malice it might inflict.
But let’s say tha… Continue reading Can URL maskers bypass browser XSS blockers?
So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged,) and it works by injecting payloads in forms and URLs etc., to trigger responses that might indicate SQLi, XSS, CS… Continue reading Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?
If I have a DOM XSS such as
<button type="button" data-dismiss="modal" onclick="Register.search('{INJECTION_PAYLOAD}');">
Search
</button>
Where I could for example inject code which closes th… Continue reading XSS with failing method in the injected DOM within onclick
I have a website with the following code:
<input class="Header–search–form-input" name="search" value="" onfocus="alert(1)" autofocus="" placeholder="put request&q… Continue reading How to launch XSS code from an INPUT tag?