Burp Suite User Forum

Login to post


Steven | Last updated: Jan 22, 2023 04:19PM UTC

Hello everyone, hope u are all great... I am having trouble replicating an issue that burp alerts too.. I have a reflected xss works fine in burp but is not reproducible in the browser due to modern browsers encoding input as a xss security mechanism.. So my Question is this issue exploitable, can i get around this problem to earn a bounty???, or is this just a false positive..... When coping the session from burp it fires, when using the url directly it does not...

Hannah, PortSwigger Agent | Last updated: Jan 23, 2023 09:28AM UTC

Hi Have you checked out our Academy topic on XSS? You can find it here: https://portswigger.net/web-security/cross-site-scripting

You need to Log in to post a reply. Or register here, for free.