
HTML Injection on a web page that does not accept data entry?


Can HTML Injection or XSS Injection be done on a web page that does not accept data entry (search, username, password, etc.)?


Solution

  • Yes. A DOM-based XSS vulnerability does not need a REST endpoint to even exist. The attack goes directly to the DOM model of the web page. It is actually one of the most troublesome versions of XSS out there.
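
To make the answer concrete, here is an added example (not part of the original answer) of a page with no form or input field whose script still renders the URL fragment, shown with the vulnerable sink beside two hardened versions. The function names, the `fakeElement` stand-in for a DOM node and the sample fragment are assumptions constructed for illustration; the fragment is never sent to the server, which is why no endpoint is involved.

```javascript
// Stand-in for a DOM element so the example runs under Node (assumption).
// In a browser, pass a real element such as document.getElementById("greeting").
function fakeElement() {
  return { innerHTML: "", textContent: "" };
}

// Reads the part of the URL after '#'. Anyone who can get a user to follow
// a link controls this value, even though the page has no input field.
function nameFromFragment(loc) {
  return decodeURIComponent(loc.hash.slice(1));
}

// VULNERABLE: the fragment reaches an HTML-parsing sink, so any markup in it
// becomes part of the page's DOM.
function renderGreetingUnsafe(loc, el) {
  el.innerHTML = "Welcome, " + nameFromFragment(loc);
}

// HARDENED (preferred): textContent treats the value as text, never as markup.
function renderGreetingSafe(loc, el) {
  el.textContent = "Welcome, " + nameFromFragment(loc);
}

// HARDENED (when a markup string must be built): escape HTML metacharacters.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreetingEscaped(loc, el) {
  el.innerHTML = "Welcome, " + escapeHtml(nameFromFragment(loc));
}

// Constructed sample: https://site.example/page#<u>injected</u>, URL-encoded.
const sampleLocation = { hash: "#%3Cu%3Einjected%3C%2Fu%3E" };

function demo() {
  const unsafe = fakeElement(), safe = fakeElement(), escaped = fakeElement();
  renderGreetingUnsafe(sampleLocation, unsafe);
  renderGreetingSafe(sampleLocation, safe);
  renderGreetingEscaped(sampleLocation, escaped);
  return { unsafe, safe, escaped };
}

console.log(demo());
```

When reviewing a page that "takes no input", search its scripts for sources such as `location.hash`, `location.search`, `document.referrer` and `postMessage` data flowing into sinks such as `innerHTML` or `document.write`.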