Is non-executed content still considered XSS?
I’m working through an OWASP Zap report that has flagged several URLs on the domain as being vulnerable to XSS, but the vulnerability is never output in a context that is executable by the browser. For instance, the report is showing
pat… Continue reading Is non-executed content still considered XSS?