Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/qeeqbox/reflected-cross-site-scripting
A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser
https://github.com/qeeqbox/reflected-cross-site-scripting
cross infosecsimplified metadata qeeqbox reflected scripting site visualization vulnerability xss
Last synced: 2 days ago
JSON representation
A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser
- Host: GitHub
- URL: https://github.com/qeeqbox/reflected-cross-site-scripting
- Owner: qeeqbox
- License: agpl-3.0
- Created: 2022-04-28T04:20:40.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-29T01:05:42.000Z (10 months ago)
- Last Synced: 2024-05-01T11:27:24.845Z (7 months ago)
- Topics: cross, infosecsimplified, metadata, qeeqbox, reflected, scripting, site, visualization, vulnerability, xss
- Homepage:
- Size: 305 KB
- Stars: 3
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser.
## Example #1
1. Threat actor crafts an email with a malicious request to a vulnerable target and sends the email to Bob
2. Bob clicks on the email and sends the request to the vulnerable target
3. The target includes the malicious code as part of the response and sends it back to Bob
4. Bob's browser executes the malicious code that calls back the threat actor
## Impact
Vary
## Risk
- Read & modify data
## Redemption
- Server input validation
- Output encoding
- Browser built-in XSS preveiton
## ID
cb251c97-067d-4f13-8195-4f918273f41b
## References
- [wiki](https://en.wikipedia.org/wiki/cross-site_scripting)