Burp Suite User Forum


cross site scripting issue detail (typo)

BB | Last updated: Apr 26, 2016 03:13PM UTC

Using BurpSuite Pro 1.6.39. Scanner found an XSS and gave it "Informational" severity, so I read the "Issue Detail" a little more closely than usual (because why "informational"?). The Detail contains two nearly identical paragraphs next to each other. Maybe give this a quick copy-edit:

The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

The original request used a Content-type header which it is not possible to generate using a standard HTML form. It was possible to replace this header with a standard value, to facilitate cross-domain delivery of an exploit.

PortSwigger Agent | Last updated: Apr 27, 2016 08:52AM UTC

Thanks for this report. It looks like this is actually a bug in the scan check logic, as it is saying two inconsistent things in the issue detail. We'll investigate why this is happening and get it fixed.

PortSwigger Agent | Last updated: May 12, 2016 02:40PM UTC

In today's release we've addressed this issue. Thanks again for your feedback, and please do let us know if you run into any further issues.
