
Burp reported potential DOM XSS. Data is read from location and passed to the 'init()' function of JQuery via:

var table = location['table'] || location['sysparm_table'];
snPresence.init(table, sys_id, query);

The URL looks like this:

https://publicsite.com/scripts/Scoreboard/js_includes_cmdb_scoreboard.jsx

Is this vulnerable? How can I check if vulnerable with Chrome DevTools?

Portswigger also mentions the init() sink of JQuery as leading to DOM XSS
https://portswigger.net/web-security/cross-site-scripting/dom-based

  • Welcome Romanenko! This is probably a method of a library you are using. I think you should investigate inside that init() method. As far as I know, there is no default init() method in jQuery; please correct me if I am wrong. Commented May 5, 2020 at 11:15
  • @Pilfility there is one, but I don't know that it is the one referenced in the code snippet, and anecdotally it is not something that I have seen used in the wild. Commented May 6, 2020 at 23:40
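An added example (not part of the question or of ServiceNow's code) showing how to answer the "is it vulnerable?" question with evidence rather than by reading the snippet: mirror the source lookup, instrument the sink from the DevTools Console with a canary value, and validate the parameter with an allowlist. `snPresence`, `init`, `table` and `sysparm_table` are names from the question; the stand-in object, the canary, the sample URLs and the identifier pattern are assumptions, and the page's `location` is assumed to be a parsed copy of the query string.

```javascript
// Added example (not from the question): three checks for triaging the
// Burp finding. snPresence/init/table/sysparm_table come from the question;
// everything else is constructed for this example.

// 1. Which URL value reaches snPresence.init()? Mirrors
//    `location['table'] || location['sysparm_table']`, assuming `location`
//    on the page is a parsed copy of the query string.
function tableFromUrl(url) {
  const params = new URL(url).searchParams;
  return params.get('table') || params.get('sysparm_table');
}

// 2. Instrument the sink. Pasted into the DevTools Console before init()
//    runs, this records every call whose arguments contain the canary,
//    with a stack trace, so the data flow is observed rather than assumed.
function instrumentSink(target, method, canary) {
  const original = target[method];
  const hits = [];
  target[method] = function (...args) {
    if (args.some((a) => typeof a === 'string' && a.includes(canary))) {
      hits.push({ method, args: [...args], stack: new Error().stack });
    }
    return original.apply(this, args);
  };
  return hits;
}

// 3. Mitigation: a table name is an identifier, so reject anything else
//    before it reaches a sink (assumed allowlist pattern).
const TABLE_NAME = /^[a-z][a-z0-9_]{0,79}$/;
function safeTableName(value) {
  return typeof value === 'string' && TABLE_NAME.test(value) ? value : null;
}

// Constructed stand-in for the page's snPresence object.
const snPresence = {
  init(table, sysId, query) {
    return { table, sysId, query };
  },
};
const hits = instrumentSink(snPresence, 'init', 'canary_7f3');

// Run the page's call for a given URL and report what was observed.
function demo(url) {
  const before = hits.length;
  const table = tableFromUrl(url);
  snPresence.init(table, 'abc123', '');
  return { table, reachedSink: hits.length === before + 1, validated: safeTableName(table) };
}
```

In the real page the wrapper is installed on the live `snPresence` object from the Console (or via a conditional breakpoint on `init`), and a recorded hit whose stack leads back to the URL-parsing code confirms the source-to-sink path Burp reported.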
