
In the Burp Scanner report, I got the issue below:

The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to $() via the following statement:

     $(location).attr('href',"/MYAPP/home.action");

How can this be avoided? Will the solution below, prepending '/', work in this case, or will it still be exploitable?

     $(location).attr('href','/'+"MYAPP/home.action");
Murhari
  • It’s likely a false positive that can’t be exploited. See the last paragraph under [description](https://portswigger.net/kb/issues/00200310_cross-site-scripting-dom-based) – James Aug 27 '18 at 17:52
  • @James So prepending '/' will work, and this issue will not be reported in a re-test using Burp? – Murhari Aug 28 '18 at 09:50
  • Some issues caught using Burp or other testing tools have to be looked at by the developer, who checks the code and says “no, this is not a problem”, and that’s the end of it. Trying to clean up false positives is usually a waste of time. – James Aug 28 '18 at 11:20
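An added example (not code from the question, from jQuery or from Burp) of how a developer would reason about this finding: the flagged statement assigns a string literal, so nothing read from `location` reaches the `href` sink, and prepending `'/'` changes nothing. The validator below is the check you would add if the redirect target were ever derived from `location.hash` or `location.search`; the base origin `https://app.example` is a constructed placeholder.

```javascript
// Constant target taken from the question: no attacker-controlled data
// flows into it, so the scanner finding is a false positive for this line.
const LITERAL_TARGET = "/MYAPP/home.action";

// Origin the app is served from (constructed placeholder for the example).
const APP_ORIGIN = "https://app.example";

// Returns true only if `target` is a same-origin, absolute-path URL that is
// safe to assign to location.href. Anything that could change the origin
// or the scheme is rejected.
function isSafeRedirectPath(target) {
  if (typeof target !== "string") return false;
  // Exactly one leading '/': "//host/..." is protocol-relative and leaves
  // the origin; scheme-prefixed strings ("https:", "javascript:") have no
  // leading slash at all and are rejected here.
  if (!target.startsWith("/") || target.startsWith("//")) return false;
  // Let the WHATWG URL parser resolve the value against the app origin so
  // that tricks such as "/\host" (backslash treated as slash) are caught.
  let parsed;
  try {
    parsed = new URL(target, APP_ORIGIN);
  } catch (e) {
    return false;
  }
  return parsed.origin === APP_ORIGIN;
}

// Picks the redirect target to use: a validated candidate (for example a
// "return to" value read from the query string), or the constant fallback.
function chooseRedirectTarget(candidate, fallback) {
  return isSafeRedirectPath(candidate) ? candidate : fallback;
}

// Usage mirroring the flagged line: the literal is always accepted, a
// protocol-relative value falls back to the constant.
chooseRedirectTarget(LITERAL_TARGET, LITERAL_TARGET);     // "/MYAPP/home.action"
chooseRedirectTarget("//evil.example/x", LITERAL_TARGET); // "/MYAPP/home.action"
```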

0 Answers