/labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260
height, width
The following steps were used to identify and confirm the reflected XSS vulnerability in the height and width parameters of the GET request to the affected endpoint. The testing was conducted using Burp Suite.
Add the height and width parameters to the URL with the XSS payload: X';alert('X');'
height: height=11';alert('11');'
width: width=XSS 22';alert('22');'
Figure 1: The request made by adding XSS payloads to the height and width parameters.
width Parameter
The width parameter was accessed.
The alert (22) was triggered.
Figure 2: The alert appears when the XSS payload is injected into the width parameter.
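The following is an added example, not part of the original advisory and not LabVantage code. It shows why a payload of this shape executes and how validation plus context-aware encoding stops it. It assumes the application reflects height and width into a single-quoted JavaScript string, which the page does not confirm; all function names are hypothetical.

```javascript
// Assumption: the value is reflected into a single-quoted JS string literal.
// Hypothetical vulnerable rendering: raw concatenation into that literal.
function renderUnsafe(name, value) {
  return "var " + name + " = '" + value + "';";
}

// Fix 1: allow-list validation. A dimension is digits with an optional unit;
// anything else is replaced by a fixed fallback instead of being "cleaned".
const DIMENSION = /^[0-9]{1,5}(px|%)?$/;
function validateDimension(value, fallback) {
  return typeof value === "string" && DIMENSION.test(value) ? value : fallback;
}

// Fix 2: output encoding for the JS string context. Every character outside
// a small safe set becomes a \uXXXX escape, so quotes cannot end the literal.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hardened rendering: validate first, then encode for the output context.
function renderSafe(name, value) {
  const dim = validateDimension(value, "100%");
  return "var " + name + " = '" + escapeJsString(dim) + "';";
}

// The two parameter values reported in the advisory above.
const reported = {
  height: "11';alert('11');'",
  width: "XSS 22';alert('22');'",
};

for (const [name, value] of Object.entries(reported)) {
  // Unsafe: the first quote closes the string and alert(...) becomes code.
  console.log("unsafe:", renderUnsafe(name, value));
  // Safe: the value fails validation and the encoded fallback is emitted.
  console.log("safe:  ", renderSafe(name, value));
}
```

Encoding alone would already neutralise the quote characters; the allow-list is kept as well because a dimension parameter has no legitimate reason to carry free text.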