Lucene search

5 matches found

Hacker One
added 2021/01/31 11:18 a.m., 10 views

MTN Group: RXSS - http://macademy.mtnonline.com

The page located at http://macademy.mtnonline.com suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability that occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject malicious JavaScript that...

AI score: 0.4
Exploits: 0

Hacker One
added 2020/09/17 4:52 p.m., 19 views

U.S. Dept Of Defense: RXSS Via URI Path - https://██████████/

Hello All, I Found RXSS in your OWN Website. Steps To Reproduce: Go to This Link: https://██████/Orders/A%22onerror='alert%60xElkomy%60'testabcd/Login.aspx?ReturnUrl=/Orders Browsers: I test them on Firefox and Google Chrome. Fix:- Filter input on arrival. Encode data on output. Use appropriate response...

AI score: 2.2
Exploits: 0

Hacker One
added 2020/07/14 9:44 p.m., 26 views

U.S. Dept Of Defense: RXSS - ████

Hello, friends, today when I was checking some sites I found this bug on your own website. Details: XSS. Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web...

AI score: 0.6
Exploits: 0

Hacker One
added 2020/05/12 8:55 p.m., 18 views

U.S. Dept Of Defense: RXSS - https://████████/

Hello All, I Found RXSS in your OWN Website. Steps To Reproduce: Go to Those Links. https://██████/A'onerror=%22alert%601%60%22testabcd/ Browsers: I test them on Firefox and Google Chrome. Fix:- Filter input on arrival. Encode data on output. Use appropriate response headers. Content Security Policy...

AI score: 1.7
Exploits: 0

Hacker One
added 2020/05/01 3:16 p.m., 23 views

U.S. Dept Of Defense: RXSS - https://███/

Hello All, I Found RXSS in your OWN Website. Steps:- Add Payload XSS To /████?view= Example:- https://████/█████████?view=%3Cscript%3Ealert%22xElkomy%22%3C/script%3E Payloads:- Any payloads XSS. Fix:- Filter input on arrival. Encode data on output. Use appropriate response headers. Content Security...

AI score: 2
Exploits: 0