Summary
It is caused by insufficient filtering of user input by web applications. Attackers use website vulnerabilities to inject malicious script code (usually including HTML code and client-side Javascript scripts) into web pages, and when other users browse these web pages, the malicious code will be executed, and the victimized users may take a variety of attacks such as cookie data theft, session hijacking, phishing and other attacks.
Details
Enter payload in the input box
PoC
<Button href="javascript://%0aalert(document.domain)">XSS</Button>
<a style="position:absolute;margin:50px; background-color: yellow; z-index:1000;top:50px;padding:100px;font-weight:bold;font-size:45px;color:red;" href="https://www.google.com">Click here for win 1000$</a>
Impact
All Choreography process and Q&A office
Mia0a-hi Reporter
Summary
It is caused by insufficient filtering of user input by web applications. Attackers use website vulnerabilities to inject malicious script code (usually including HTML code and client-side Javascript scripts) into web pages, and when other users browse these web pages, the malicious code will be executed, and the victimized users may take a variety of attacks such as cookie data theft, session hijacking, phishing and other attacks.
Details
Enter payload in the input box
PoC
Impact
All Choreography process and Q&A office