XSS - Reflected XSS Attacks


Use a vulnerability on the Digital Access Code entry field to inject script to start XSS attack. 


One of the most effective way to validate if the site or webform is vulnerable for XSS, you can use below


You can see response from the server shown

1. Just enter script below and click purchase, 

<IFRAME SRC="javascript:alert('Reflected XSS by windowspeople');"></IFRAME>


 <script>alert('Reflected XSS by windowspeople')</script>


<img src='x:x' on-error=alert('xss_test')>


2. XSS script started and pop up window. 



Please publish modules in offcanvas position.