Burp Suite User Forum

Login to post

Burp not reporting XSS issues

Chadwick | Last updated: Jul 24, 2019 03:26PM UTC

I've been using Burp for about 2 years, and Burp has been great at reporting XSS on our websites. It does not report it via normal scanning (1.x), it would report the issue if i found a XSS manually using proxy intercept. Recently, I found a number of XSS manually using a simple alert script (<script>alert(1)</script>) on a number of different web pages, but no XSS issues are showing up in the site map tab for the website as i expected. The contents show my modified requests, as well as the alert script showing the the response.

Liam, PortSwigger Agent | Last updated: Jul 25, 2019 02:42PM UTC

Would it be possible to send us the requests and responses displaying the issues that Burp isn't finding? You can send any sensitive information to support@portswigger.net.

Burp User | Last updated: Jul 26, 2019 03:45PM UTC

I emailed the data a short time ago. Thanks!

You need to Log in to post a reply. Or register here, for free.