css injection attacks for xss are not usable in modern browser - how to handle?

luigiurbano / Reinforced-Wavsep

A reinforced version of the Wavsep evaluation platform.

GNU General Public License v3.0

17 stars 8 forks source link

css injection attacks for xss are not usable in modern browser - how to handle? #4

Closed giper45 closed 4 weeks ago

giper45 commented 4 months ago

They could be considered as false positives in modern browsers. or we should consider as vulnerable

banqueroot commented 1 month ago

Most browsers have protections, but that does not mean that the website is not vulnerable. A XSS vulnerability is due to improper input validation. You should always correct those kind of errors. Some exotic or old browsers still don't have XSS protection also.