Injection: XSS Injection
Identifier: improper_input_xss
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Cross-Site Scripting vulnerabilities occur when an application accepts and processes user-supplied data without adequate validation, allowing attackers to inject malicious scripts that execute in other users' browsers.
How we test: We inject various XSS payloads into request parameters and analyze responses to detect if malicious scripts are reflected back without proper sanitization. We test for both reflected and stored XSS vulnerabilities by checking if injected payloads appear in responses or persist in the application.
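The reflection check described above can be sketched as follows. This is an added example, not the scanner's own code: it passes an inert, constructed marker through two hypothetical render functions and classifies whether the marker comes back with its markup characters intact or HTML-encoded. The function names and the marker format are assumptions made for illustration.

```python
import html
import secrets

def make_probe():
    # Constructed, inert probe: a unique token wrapped in characters that
    # only matter if the response fails to encode them. It runs no script.
    token = "xssprobe" + secrets.token_hex(4)
    return token, f'<i data-t="{token}">'

def render_vulnerable(query):
    # Hypothetical handler: user input concatenated into HTML as-is.
    return f"<p>Results for {query}</p>"

def render_hardened(query):
    # Same handler with output encoding suited to an HTML body context.
    return f"<p>Results for {html.escape(query, quote=True)}</p>"

def classify_reflection(body, token, probe):
    """Return 'raw', 'encoded' or 'absent' for one response body."""
    if probe in body:
        return "raw"      # markup characters survived: report a finding
    if token in body:
        return "encoded"  # value is reflected, but neutralised
    return "absent"       # value is not reflected in this response

def check(render):
    # Send a fresh probe through the handler and classify the response.
    token, probe = make_probe()
    return classify_reflection(render(probe), token, probe)

if __name__ == "__main__":
    for fn in (render_vulnerable, render_hardened):
        print(fn.__name__, "->", check(fn))
```

For the stored case, the same classification is applied to a later response that reads the value back instead of the immediate one.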
References:
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.