Burp Suite User Forum

Login to post

Stored XSS into anchor href attribute with double quotes HTML-encoded is not recognizing an XSS

Chodavarapu | Last updated: Nov 08, 2020 01:04PM UTC

I have done the following submit a comment that calls the alert function when the comment author name is clicked. I have used the following payload in the website field of the form: javascript:alert(1)

Uthman, PortSwigger Agent | Last updated: Nov 09, 2020 09:39AM UTC

I just tested the lab and it appears to be working as expected. Can you please take another look at the instructions or use a video walkthrough on YouTube?

You need to Log in to post a reply. Or register here, for free.