A3:2021 | Cross Site Scripting (XSS) (3) | Cycubix Docs

Most common locations

  • Search fields that echo a search string back to the user.
  • Input fields that echo user data.
  • Error messages that return user-supplied text.
  • Hidden fields that contain user-supplied data.
  • Any page that displays user-supplied data.
    • Message boards
    • Free-form comments
  • HTTP headers.
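
The locations listed above share one fix: encode user-supplied text at the point where it is written into the page. The sketch below is an added example, not code from the original page; the function names and the sample string are assumptions made for illustration, and the encoder covers HTML body and quoted-attribute contexts only.

```javascript
// Added example: HTML-encode user-supplied text at each echo point listed above.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode the five characters that can change HTML body or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before" form: the search string is echoed verbatim, so markup in it becomes page markup.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Search field echo (HTML body context).
function renderSearch(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Error message that returns user-supplied text.
function renderError(input) {
  return `<p class="error">Unknown item: ${escapeHtml(input)}</p>`;
}

// Hidden field carrying user data (quoted attribute context).
function renderHiddenField(name, value) {
  return `<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`;
}

// HTTP header value (here User-Agent) displayed on a page, e.g. in a log viewer.
function renderHeaderEcho(headers) {
  const ua = headers['user-agent'] || '';
  return `<td>${escapeHtml(ua)}</td>`;
}

// Constructed sample input containing a quote and markup; not from the original page.
const sample = '"><b>injected</b>';

// Helper for checking output: true if the sample's tag survived as live markup.
function containsLiveTag(html) {
  return /<b>/.test(html);
}
```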