Injection: XSS Injection

Identifier: xss_agent

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

XSS vulnerabilities occur when applications accept and process user-supplied data without adequate validation, allowing attackers to inject malicious scripts that execute in users' browsers.

How we test: We use AI-powered analysis to intelligently craft XSS payloads and test injection points. We inject various XSS payloads into request parameters and analyze responses to detect if malicious scripts are reflected back without proper sanitization, testing for both reflected and stored XSS vulnerabilities.
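
The reflection check described above, reduced to a minimal sketch covering both the reflected and the stored case. This is an added example, not the scanner's own code: the handler, the `CommentBoard` class and the canary string are hypothetical and constructed for illustration.

```python
import html

# Constructed, harmless canary: no script, only the characters encoding must neutralise.
CANARY = '"\'><xss-canary-7f3a>'

def render_search(q: str, encode: bool) -> str:
    """Hypothetical handler echoing parameter `q` into body and attribute contexts."""
    shown = html.escape(q, quote=True) if encode else q
    return f'<p>Results for {shown}</p><input name="q" value="{shown}">'

class CommentBoard:
    """Hypothetical stored case: the value is saved by one request, rendered by a later one."""
    def __init__(self, encode: bool):
        self.encode, self.comments = encode, []

    def post(self, text: str) -> None:
        self.comments.append(text)

    def page(self) -> str:
        items = (html.escape(c, quote=True) if self.encode else c for c in self.comments)
        return "<ul>" + "".join(f"<li>{i}</li>" for i in items) + "</ul>"

def classify_reflection(body: str, canary: str = CANARY) -> str:
    """'raw' = canary came back verbatim (finding); 'encoded' = neutralised; 'absent' = not echoed."""
    if canary in body:
        return "raw"
    if html.escape(canary, quote=True) in body:
        return "encoded"
    return "absent"

def audit() -> dict:
    """Run the canary through each constructed endpoint and classify the response."""
    results = {}
    for encode in (False, True):
        label = "encoded" if encode else "unencoded"
        results[f"reflected/{label}"] = classify_reflection(render_search(CANARY, encode))
        board = CommentBoard(encode)
        board.post(CANARY)
        results[f"stored/{label}"] = classify_reflection(board.page())
    results["not-echoed"] = classify_reflection("<p>ok</p>")
    return results

if __name__ == "__main__":
    for endpoint, verdict in audit().items():
        print(f"{endpoint:22} {verdict}")
```

An `encoded` verdict here only covers HTML body and attribute contexts; values placed inside script blocks or URLs need the encoding for that context instead.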

Configuration

Example

Example configuration:

---
security_tests:
  xss_agent:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.