Self-XSS is an XSS vulnerability that affects only the user who performs it, for example when a victim is tricked into copying and pasting code into the browser console.
Questions tagged [self-xss]
13 questions
11 votes, 2 answers
Facebook's warning of self-xss
I happened to open my browser console on Facebook recently and was greeted with the following message.
Stop!
This is a browser feature intended for developers. If someone told you to copy and paste something here to enable a Facebook feature or…
Luke
3 votes, 2 answers
Further exploit self XSS
I'm pentesting a client's website and found a self-XSS vulnerability in the login page: in case of a login error the error page shows the username, so if you input as User, it shows the alert box.
However, it's probably…
Opera of the Phantom
3 votes, 3 answers
CVSS Score for self-XSS (stored XSS)
I have a web application which is vulnerable to a stored, self-XSS attack. Proper encoding is not done in the place where the data from a database (set by the same user) is added to the response.
However, this XSS can be considered as not self-XSS…
NShani
2 votes, 1 answer
Self-XSS From File Upload Name
I encountered this type of vulnerability a couple of times but was not able to fully exploit it.
This vulnerability is a self-XSS which is triggered from file names. E.g. if I were to upload a file named [xss-payload].png, it will be executed as…
Emanuel Beni
2 votes, 1 answer
Is this considered DOM-XSS or self-XSS or both?
SCENARIO:
A web page shows an error login page using these JavaScript lines
User input can be inputted with XSS payload.
Filter is doing following replaces:
i) " with \"
ii) \ with \\
iii) / with \/
I have tried…
Ashish Kataria