python (12.9k questions)

javascript (9.2k questions)

reactjs (4.7k questions)

java (4.2k questions)

java (4.2k questions)

c# (3.5k questions)

c# (3.5k questions)

html (3.3k questions)

Questions - xss

Prototype Pollution script alert doesn't work

This below is my code. <html> <head> <script src="https://code.jquery.com/jquery-3.5.1.js"></script> <script src="https://raw.githack.com/alrusdi/jquery-p...
test-img

piyush

javascript

html

jquery

alert

xss

Votes: 0

Answers: 1

Latest Answer

The version with <script>alert(1)</script> is harmless because HTML5 specifies that a <script> tag inserted with innerHTML should not execute. See mdn on innerHTML - Security conside...
test-img

trincot

does Django HttpResponseRedirect suffer from xss attack?

As title, because of urlpatterns are setting numeral parameter, i tend to think that HttpResponseRedirect won't suffer from xss attack, am i right? If not, how does HttpResponseRedirect suffer from it...
test-img

Billy Chung

python

django

security

xss

checkmarx

Votes: 0

Answers: 1

Latest Answer

Django is generally secure by default framework, that means that it should not be vulnerable to the most common attacks (such as XSS, SQLi etc.). As long as you didn't use mark_safe() method (referenc...
test-img

mik0w

XSS Vulnerability found in RowCommand function with e.CommandArgument

i'm using Checkmarx to scan a web application and i have noticed a lot of threats are found everytime i use e.CommandArgument in a RowCommand function. Example: Protected Sub gvwModifySend_RowCommand(...
test-img

Arn.adg

.net

xss

checkmarx

antixsslibrary

Votes: 0

Answers: 1

Latest Answer

The reported vulnerability is not XSS, it is Data Filter Injection. You can click the ? next to the query name to get a detailed description. The essence of it is that code you aren't showing is like...
test-img

NathanL

How does httpOnly prevent from malicious package to steal the content in it?

If for example, an installed third party package issues an HTTP request to their servers, and by default, any HTTP request leaves with the cookies content in the request headers, doesn't it make the c...
test-img

Raz Buchnik

javascript

cookies

xss

cookie-httponly

Votes: 0

Answers: 2

Latest Answer

HTTP requests carry with it only cookies that are applicable to the domain being requested, not all of the browser's cookies. If you have a browser with cookies for bank.com, shop.com, and evil-site.c...
test-img

Joseph

Posts

Questions

Blogs

Jobs