RXSS - https://████████/
Medium
U.S. Dept Of Defense
Submitted None
Reported by
0xelkomy
Vulnerability Details
Technical details and impact analysis
> Hello all, I found RXSS in your own website.
## Steps To Reproduce
Go to those links:
https://██████/(A('onerror=%22alert%601%60%22testabcd))/
## Browsers
I tested them on Firefox and Google Chrome.
## Fix
- Filter input on arrival
- Encode data on output
- Use appropriate response headers
- Content Security Policy
Regards,
xElkomy
## Impact
View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

And I can use this for:
1. Ad-jacking
2. Session hijacking
3. Bypassing CSRF protection
4. Crypto mining ::::)))
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted:
Weakness: Cross-site Scripting (XSS) - Reflected
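
The four items listed under Fix, applied to the path from the report, as an added example that is not part of the original report or the affected site's code. It assumes the request path is reflected into a single-quoted HTML attribute, which the report does not state; the function names, the allowlist and the header values are hypothetical.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Path from the report (the host is redacted on the page).
REPORT_PATH = "/(A('onerror=%22alert%601%60%22testabcd))/"
# Assumed baseline header values, not the affected site's configuration.
SECURITY_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; base-uri 'none'",
}
ALLOWED_PATH = re.compile(r"/[A-Za-z0-9/_.-]*")  # assumed allowlist for this sketch

def render_unsafe(raw_path):
    """'Before' form: decoded path concatenated into a single-quoted attribute."""
    return "<img src='" + unquote(raw_path) + "logo.png'>"

def render_safe(raw_path):
    """Encode on output: escape & < > and both quote characters for the attribute."""
    return "<img src='" + html.escape(unquote(raw_path), quote=True) + "logo.png'>"

def img_attributes(markup):
    """Attribute names an HTML parser sees on the <img> tag in markup."""
    found = []
    class Collector(HTMLParser):
        def handle_starttag(self, tag, attrs):
            if tag == "img":
                found.extend(name for name, _ in attrs)
    parser = Collector()
    parser.feed(markup)
    parser.close()
    return found

def respond(raw_path):
    """Filter on arrival, encode on output, send the headers with every response."""
    if not ALLOWED_PATH.fullmatch(unquote(raw_path)):
        return 400, dict(SECURITY_HEADERS), "<p>Bad request</p>"
    return 200, dict(SECURITY_HEADERS), render_safe(raw_path)

if __name__ == "__main__":
    print(img_attributes(render_unsafe(REPORT_PATH)))  # includes an injected handler
    print(img_attributes(render_safe(REPORT_PATH)))    # only the intended attribute
    print(respond(REPORT_PATH)[0], respond("/images/")[0])
```

The Content-Security-Policy value omits `'unsafe-inline'`, so a browser enforcing it refuses inline event handlers even if an encoding step is missed somewhere else.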