About User Controllable HTML Element Attribute


arunsi...@gmail.com

Jan 13, 2023, 6:50:12 PM
to OWASP ZAP User Group
Hi,
I am learning about ZAP proxy and had a question about one of the alerts I found. If this is not the right forum to raise queries like this, please do let me know. 

So as part of learning ZAP, in one of my test applications I found this alert: "User Controllable HTML Element Attribute (Potential XSS)".

https://www.zaproxy.org/docs/alerts/10031/

So is this  to "XSS Targeting HTML Attributes" as described in this document?
https://capec.mitre.org/data/definitions/243.html

Thanks and best regards,
Arun 

Simon Bennetts

Jan 16, 2023, 5:05:51 AM
to OWASP ZAP User Group
Hi Arun,

Not necessarily :)
This is an informational alert which is exactly what it says: "user controllable HTML element attribute".
So the user can change an HTML element attribute.
It is not necessarily a vulnerability, but if you are a pentester then you would want to have a good play with this attribute to see if you could exploit it :)

Cheers,

Simon
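
A simplified passive check in the spirit of this alert, added here as an example (it is not ZAP's rule code and was not posted in the thread): it flags HTML attributes whose value matches a query parameter and marks the ones worth reviewing first. The function names, the `REVIEW_FIRST` list, and the sample URL and response are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Attributes where a user-controlled value deserves closer review (assumed list).
REVIEW_FIRST = {"href", "src", "action", "formaction", "style", "srcdoc"}

class AttrReflectionFinder(HTMLParser):
    """Collect attributes whose value is influenced by a request parameter."""
    def __init__(self, params):
        super().__init__(convert_charrefs=True)
        # Ignore very short values: they match by coincidence too often.
        self.params = [(k, v) for k, v in params if len(v) >= 3]
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            for pname, pvalue in self.params:
                if value == pvalue:
                    control = "full"      # the user sets the whole attribute
                elif value.startswith(pvalue):
                    control = "prefix"    # the user sets the start of it
                elif pvalue in value:
                    control = "partial"   # the value is embedded somewhere
                else:
                    continue
                review = name in REVIEW_FIRST or name.startswith("on")
                self.findings.append((tag, name, pname, control, review))

def find_controllable_attributes(url, body):
    """Return (tag, attribute, parameter, control, review_first) tuples."""
    finder = AttrReflectionFinder(parse_qsl(urlsplit(url).query))
    finder.feed(body)
    finder.close()
    return finder.findings

# Constructed sample request/response pair.
SAMPLE_URL = "https://app.example/profile?theme=dark-blue&next=/account/home&q=ab"
SAMPLE_BODY = """<html><body class="dark-blue">
<a id="back" href="/account/home">Back</a>
<input name="q" value="ab">
<img src="/static/logo.png" alt="logo">
</body></html>"""

if __name__ == "__main__":
    for finding in find_controllable_attributes(SAMPLE_URL, SAMPLE_BODY):
        print(finding)
```

On the sample, both `class` and `href` are reported as user controllable, but only `href` is marked for review first, which mirrors the point that the alert is informational rather than a confirmed vulnerability.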