Skip to content
/ reflected-cross-site-scripting Public

A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser

License

AGPL-3.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/reflected-cross-site-scripting

BranchesTags

Repository files navigation

A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser.

Example #1

  1. Threat actor crafts an email with a malicious request to a vulnerable target and sends the email to Bob
  2. Bob clicks on the email and sends the request to the vulnerable target
  3. The target includes the malicious code as part of the response and sends it back to Bob
  4. Bob's browser executes the malicious code that calls back the threat actor

Impact

Vary

Risk

  • Read & modify data

Redemption

  • Server input validation
  • Output encoding
  • Browser built-in XSS preveiton

ID

cb251c97-067d-4f13-8195-4f918273f41b

References

About

A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser

Topics

visualization metadata scripting site xss vulnerability cross reflected qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors