Reflected Cross-site Scripting

The application was found vulnerable to Reflected Cross-site Scripting (XSS).

XSS is a type of web application security vulnerability, which allows code injection by malicious web users into the web pages viewed by other users.

Reflected Cross-site Scripting is a type of XSS where the injected code is reflected off the web server. This kind of XSS is short-lived and requires a phishing vector to be delivered to the victim.


An attacker may be able to steal personal data, hijack sessions and perform phishing attacks by forcing a user's browser to execute a malicious JavaScript payload.

Sanitise all user-supplied input before using it as part of dynamically generated pages and data. Be cautious of metacharacters that can be used to build HTML tags and attributes.

request: GET HTTP/1.1 Content-Type: application/x-www-form-urlencoded

request: POST HTTP/1.1 Content-Type: application/x-www-form-urlencoded username='%3E%3CRfJHk%3E&password=aBPpyyZiSU