Questions tagged [xss]

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

-2 votes
0 answers
58 views

Can CSS inject JS/Text/Elements without using url(), expression() or pseudo selectors?

Can I consider a CSS script or inline styling safe from injection if I parse the content and discard all pseudo-selectors any pair of css_property=value; when the value contains any of the keywords ...
medilies's user avatar
  • 2,076
-1 votes
0 answers
16 views

Ways to allow inline script for script-src CSP header without using nonce/hash/unsafe-inline

Is there any way that allows inline script for script-src CSP header without using nonce/hash/unsafe-inline? Since our project is huge and there are multiple areas where inline script is present. We ...
Anonymous's user avatar
1 vote
1 answer
24 views

Service Stack - Security XSS Query following pentest

We recently had a penetration test done, and one of the "high" items was the fact that our servicestack API will reflect back user input unmodified to the caller. E.g. I can send some ...
David Hiblen's user avatar
0 votes
0 answers
14 views

Reflected XSS Cookie Grabbing for Internal application

I'm able to execute reflected XSS on an internal application which does not have internet access. The developer is asking me to exploit the issue. He also assures that the session id is mapped to IP ...
AppSec's user avatar
  • 1
0 votes
2 answers
41 views

Post raw HTML data via AJAX to server with ModSecurity

I have a website that uses jQuery ajax $.post to save html data to a PHP script. The data for $.post is serialized textarea form data (where the user edits css, javascript & html). All works well ...
Jsp's user avatar
  • 176
-1 votes
0 answers
38 views

Escaping outputs by default? [duplicate]

We are using an MVC arch and using JSP for view. Our codebase is a bit old and not many people focused on using escapeXML or c:out tags in JSPs which is causing a lot of XSS vulnerabilities now. We ...
Shubhankar Kumar's user avatar
1 vote
1 answer
69 views

How could I escape a value in custom JSP tag handler? [duplicate]

This is one of my fields in one of my JSP files: <input class="form-input" id="login" type="text" name="login" <c:choose> <c:when test="${...
DoWhileFor's user avatar
1 vote
1 answer
36 views

Why innerHTML injects data into page if it doesn't use append on body?

I encountered this seemingly safe function to extract text content from html:

    function getText(html) {
      const div = document.createElement('div')
      div.innerHTML = html
      return div.textContent
    }

It ...
Konrad's user avatar
  • 24.3k
0 votes
1 answer
45 views

Assigning window.open causes a DOMException

I have an iframe embedded in a different domain that opens up a popup window in a different domain. I am trying to establish cross window communication and running into a bunch of XSS security ...
user25622659's user avatar
-1 votes
1 answer
44 views

dangerouslySetInnerHTML not working with a <script>

I have the following code: const Show = () => { const dangerousMarkup = { __html: "<script>alert('ERROR');</script>" }; return ( div dangerouslySetInnerHTML={...
Howard's user avatar
  • 39
0 votes
0 answers
28 views

If a cookie is vulnerable to XSS (so you can edit the cookie's value to contain script), how can that be exploited in practice?

I was checking out this Portswigger lab: https://portswigger.net/web-security/essential-skills/using-burp-scanner-during-manual-testing/lab-scanning-non-standard-data-structures And basically the ...
my8833's user avatar
  • 1
0 votes
0 answers
29 views

Fortify flagging .Net6 API returning File from internal server vulnerable to XSS attack

using (HttpClient client = new HttpClient()) { string FindDocumentURL = string.Concat(internal server URL builder); response = await client.GetAsync(FindDocumentURL); if (response....
Saqheeb's user avatar
0 votes
0 answers
52 views

How to dump quotes while keeping protection against XSS attacks in Laravel

I have a series of user-input string fields that have to accept ' and ", and I have to present them correctly in a blade view. I would like to know if it would be secure (and what issues can I ...
Alberto Suárez's user avatar
0 votes
0 answers
14 views

How to trap a CSP report for known issue

I have a client side codebase that uses a number of third party npm modules. One of them, ag-charts-community as it happens, has a block that looks like this function functionConstructorAvailable() { ...
Dan's user avatar
  • 11k
0 votes
2 answers
48 views

htmlspecialchars() default flags

https://www.php.net/manual/en/function.htmlspecialchars.php flags... The default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401. But then below When neither of ENT_COMPAT, ENT_QUOTES, ENT_NOQUOTES is ...
Qiao's user avatar
  • 16.9k
