Cross-site scripting (DOM-based) burp issues
40
August 28, 2018, at 07:10 AM
In Burp Scanner Report, I got below issue
The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to $() via the following statement:
$(location).attr('href',"/MYAPP/home.action");
How this can be avoided. Will below solution to prepend '/' work in this case or it will be still exploitable
$(location).attr('href','/'+"MYAPP/home.action");
-
5:20
-
5:10
Map bindings for google.longrunning.Operations/GetOperation to any Uri template
-
5:00
-
4:50
SQLSTATE[HY000] [2002] Connection refused (SQL: select * from `posts`)
-
4:40
How would I go about passing the cloudinary widget data to my db?
-
4:30
-
4:20
-
4:10
-
3:50
Docker - Failed to Connect to MySQL instance. How to solve it?
POPULAR ONLINE
- Adding methods to es6 child class 11536 visits
- search for elements in a list 10868 visits
- In Chrome 55, prevent showing Download button for HTML 5 video 9201 visits
- typescript: tsc is not recognized as an internal or external command, operable program or batch file 7549 visits
- RxJS5 - error - TypeError: You provided an invalid object where a stream was expected 6589 visits
- Ionic 2 - how to make ion-button with icon and text on two lines? 5396 visits
- Conflict: Multiple assets emit to the same filename 5379 visits
READ ALSO
