Our community has moved to Discord. Join us there!
These forums are still up for historical purposes.

Home Page Forums General Discussions Would “Search Bars” be considered Self-XSS ? Reply To: Would “Search Bars” be considered Self-XSS ?

  • Christophe

    July 12, 2021 at 7:50 pm

    Search bars can be a great place for reflected XSS, since they usually also change the URL as you search. So for example, say we had this search endpoint:


    When we’d type something in the search bar, we might see this happening to the URL:

    cybr.com/search/?q=example search query

    If you managed to find an XSS vulnerability through the search bar, and you could copy/paste the URL containing your payload, you could send it to a victim, and if they clicked on it, they’d trigger the XSS: