Menu

#1 Cross-site Scripting (XSS)

1.0
open
nobody
xss (1)
2014-04-04
2014-04-04
ILKEN PORFIRIO
No

The page "login.php" can be exploited, allowing a user to inject malicious code.

Example: "login.php?user=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E"

To avoid this simply filtering the output data.

Reference: https://en.wikipedia.org/wiki/Cross-site_scripting

Discussion

Log in to post a comment.