A3:2021 | Cross Site Scripting (XSS) (3) | Cycubix Docs

Most common locations

  • Search fields that echo a search string back to the user.

  • Input fields that echo user data.

  • Error messages that return user-supplied text.

  • Hidden fields that contain user-supplied data.

  • Any page that displays user-supplied data.

    • Message boards

    • Free form comments

  • HTTP Headers.
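The locations listed above share one defence: encode user-supplied data for the output context at the point where it is echoed. The following is an added example, not code from the original page; every function name and the sample input are constructed for illustration, and it covers only HTML element content and quoted attribute values.

```javascript
// Added example: output encoding at the echo points listed above.
// All names and sample values are hypothetical / constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Search field that echoes the search string back to the user.
function renderSearchEcho(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Same echo without encoding, kept only to show the difference.
function renderSearchEchoUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Error message that returns user-supplied text.
function renderError(fileName) {
  return `<div class="error">File not found: ${escapeHtml(fileName)}</div>`;
}

// Hidden field carrying user-supplied data: the attribute is always quoted.
function renderHiddenField(name, value) {
  return `<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`;
}

// HTTP header reflected into a page, e.g. a diagnostics view showing User-Agent.
function renderHeaderRow(headers, headerName) {
  const raw = headers[headerName.toLowerCase()] ?? '';
  return `<tr><td>${escapeHtml(headerName)}</td><td>${escapeHtml(raw)}</td></tr>`;
}

// Constructed test input containing markup characters.
const SAMPLE = `"><script>probe()</script>`;

function demo() {
  return {
    unsafe: renderSearchEchoUnsafe(SAMPLE),
    search: renderSearchEcho(SAMPLE),
    error: renderError(SAMPLE),
    hidden: renderHiddenField('q', SAMPLE),
    header: renderHeaderRow({ 'user-agent': SAMPLE }, 'User-Agent'),
  };
}

console.log(demo());
```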
