0

I was doing a VAPT assessment in which I saw a JSON body in the request that has orgid and deviceid.

So is there any possibility to get XSS in a JSON body?

B3ingN00b

1 Answer

1

So is there any possibility to get XSS in a JSON body?

XSS is not about how the code fragment is transported but where it is included. Thus it does not matter if it is transported with JSON, XML, plain text, ... If it is included in places where scripts get executed, then it is essentially included as code, i.e. XSS is possible. If it is included in places where it could break out of the current context and enter script context, then XSS is possible too.

Steffen Ullrich
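The point made in the answer above, as an added example that is not part of the original question or answer: one value taken from a JSON body is copied into an HTML attribute, HTML text and an inline script, first without encoding and then with an encoder per context. The field names orgid and deviceid come from the question; the values, the page template and all function names are constructed for illustration.

```javascript
// Constructed request body: deviceid carries harmless marker markup.
const body = JSON.parse(
  '{"orgid":"42","deviceid":"dev-1\\"></script><b>marker</b>"}'
);

// Encoder for HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for data placed inside an inline <script> element. JSON.stringify
// alone yields valid JS but leaves "</script>" intact, which ends the element.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Value copied into three contexts with no encoding for any of them.
function renderUnencoded(b) {
  return `<div data-id="${b.deviceid}">${b.deviceid}</div>` +
         `<script>var device = ${JSON.stringify(b)};</script>`;
}

// Same template, each insertion encoded for the context it lands in.
function renderEncoded(b) {
  return `<div data-id="${escapeHtml(b.deviceid)}">${escapeHtml(b.deviceid)}</div>` +
         `<script>var device = ${jsonForScript(b)};</script>`;
}

// True if the value's markup survives as markup in the rendered page.
function markupSurvives(html) {
  return html.includes('<b>marker</b>');
}

console.log('unencoded:', markupSurvives(renderUnencoded(body)));
console.log('encoded:  ', markupSurvives(renderEncoded(body)));
```

When assessing the orgid and deviceid fields, the thing to trace is every place the application later writes those values back out, and whether the encoding used there matches that context.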