What is the difference between self XSS and reflected XSS? If I find an XSS vulnerability, how do I know whether it is self XSS or reflected XSS? I have tried reading a lot of articles on Google but am still confused. Thanks in advance!
Self XSS vs Reflected XSS
4.3k Views Asked by Bhuvesh Gupta At
2
There are 2 best solutions below
2
Simon Bennetts
On
Reflected XSS vulnerabilities typically refer to links that you can trick people into clicking - if the user follows them then the JavaScript is executed, e.g. https://www.example.com/example?search=<script>alert(1);</script>
Self XSS vulnerabilities typically require the user to type something in, such as putting <script>alert(1);</script> in a form field where the value is not populated from a URL or form parameter. So you can only impact yourself with self XSS vulnerabilities unless you have a really gullible user :)
Reflected XSS occurs when user input included in the URL is reflected in the page source unescaped.
Now, a lot of things can be user input, such as your input in a search form or the URL address itself. An example is
https://vulnerable.com/<script>alert(1)</script>
Let's say that after visiting the URL you check the page source in your browser and you see
<script>alert(1)</script>
somewhere in the page source. This is a reflected XSS and can be used to exploit other users, since anyone who visited that link will have the XSS fired and their cookies stolen if lacking the HttpOnly flag.
Self XSS
Self XSS is an XSS that executes in the context of the user who submits the payload. Say a web app has a profile function, and in the profile function you have an option to specify a nickname. Now, in this web app you can't view other users' profiles, meaning there is no way to make another user view your profile. Most bank apps are like this. Now, if the nickname parameter is vulnerable to XSS, the XSS here would be self XSS, because only you can view your user profile and the XSS will only execute in your own context. You can agree that stealing your own cookies isn't of any impact.
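The distinction both answers draw, as an added example that is not part of either answer: two constructed page renderers, one filling the page from the URL and one from a value the logged-in user typed into their own profile, checked for which user actually receives the unescaped string. The function names, the users alice and bob, and the in-memory nickname store are assumptions made for illustration.

```javascript
// Added example: constructed renderers, not code from any real application.
const PAYLOAD = '<script>alert(1);</script>'; // the test string used in the answers

// Encode the HTML-significant characters before writing text into markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Search page: the value is read from the request URL, so whoever opens
// the link gets it in their own response (the reflected case).
function renderSearch(requestUrl, encode = false) {
  const q = new URL(requestUrl).searchParams.get('search') || '';
  return `<p>Results for ${encode ? escapeHtml(q) : q}</p>`;
}

// Profile page: the value is what the session user typed earlier, and the
// page is only ever rendered for that same user (the self case).
function renderProfile(sessionUser, nicknames, encode = false) {
  const nick = nicknames[sessionUser] || '';
  return `<h1>${encode ? escapeHtml(nick) : nick}</h1>`;
}

// True when the raw, unencoded string is present in the HTML a user receives.
const fires = html => html.includes(PAYLOAD);

function triage() {
  const link = 'https://www.example.com/example?search=' + encodeURIComponent(PAYLOAD);
  const nicknames = { alice: PAYLOAD, bob: 'Bob' }; // alice typed it into her own profile
  return {
    // bob did nothing except open the link
    searchReachesOtherUser: fires(renderSearch(link)),
    // only the submitter's own session ever renders her nickname
    profileReachesSubmitter: fires(renderProfile('alice', nicknames)),
    profileReachesOtherUser: fires(renderProfile('bob', nicknames)),
    // output encoding closes both findings
    searchAfterEncoding: fires(renderSearch(link, true)),
    profileAfterEncoding: fires(renderProfile('alice', nicknames, true)),
  };
}

console.log(triage());
```

The question to ask of a finding is the one `triage()` asks: does the unescaped value reach a user who did nothing but open a URL, or only the user who typed it.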