Closed mgoins01 closed 6 years ago
The necessary XSS payload is very specific to this software; adding it in general would just slow down the scan without yielding any results.
For these cases you're better off with a tool that looks for known vulns rather than a black-box scanner.
I am writing to report a feature request / false negative. I am running a website built on Microsoft SharePoint as its CMS, which was reported on a BugBounty site to be vulnerable to XSS a few weeks back. I began scanning the site in earnest to find it with multiple scanners, but wasn't able to, prior to it being reported online.
Yesterday, I googled the "FollowSite" URI, and found an article detailing the root cause, and realized we had several SharePoint-based sites that were missing security patches that were released in June 2017: http://respectxss.blogspot.com/2017/06/a-look-at-cve-2017-8514-sharepoints.html
http://[redacted]/Pages/Home.aspx?FollowSite=0&SiteName=%27-confirm(%27OPENBUGBOUNTY%27)-%27
Given the number of sites identified in the article, it seems worth considering adding capability to detect this.
Thanks.
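
A defender-side check for the request pattern in the URL above, as an added example that is not part of the original issue or of the scanner project: it flags logged requests whose `FollowSite` query carries a `SiteName` value containing script-breaking characters. The log layout, the character set and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a value break out of a quoted script or HTML context.
# Heuristic chosen for this example (assumption), not taken from the advisory.
SUSPICIOUS = set("'\"<>()`;")

def inspect_url(url):
    """Return the decoded SiteName value if the request pairs FollowSite with
    a SiteName containing script-breaking characters, else None."""
    query = urlsplit(url).query
    # Parameter names are compared case-insensitively.
    params = {k.lower(): v
              for k, v in parse_qs(query, keep_blank_values=True).items()}
    if "followsite" not in params:
        return None
    for value in params.get("sitename", []):
        # parse_qs decodes once; decode again to catch double encoding (%2527).
        decoded = unquote(value)
        if SUSPICIOUS & set(decoded):
            return decoded
    return None

def scan_log(lines):
    """Return (line_number, client, decoded SiteName) for flagged requests.
    Assumes a simplified 'client method url status' layout (constructed)."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or truncated lines
        value = inspect_url(parts[2])
        if value is not None:
            hits.append((n, parts[0], value))
    return hits

# Constructed sample log lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    "192.0.2.10 GET /Pages/Home.aspx 200",
    "192.0.2.11 GET /Pages/Home.aspx?FollowSite=1&SiteName=Team%20Site 200",
    "198.51.100.7 GET /Pages/Home.aspx?FollowSite=0&SiteName=%27-confirm(%27OPENBUGBOUNTY%27)-%27 200",
    "198.51.100.7 GET /Pages/Home.aspx?followsite=0&sitename=%2527x 200",
]

if __name__ == "__main__":
    for n, client, value in scan_log(SAMPLE_LOG):
        print(f"line {n}: {client} SiteName={value!r}")
```

A hit shows that the parameter was probed, not that the server is unpatched; patch status still has to be confirmed against the June 2017 updates mentioned above.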