Cross Site Scripting (XSS) :
Summary : Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end userâ€™s browser has no way to know that the script should not be trusted and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.
Severity : High
Payload : Enter the payload here
Complexity : Easy
From : Remote / External
Impact :An Adversary can carry out XSS attack and also can take the cookie of the Admin and login through Admin Account.
Also, an adversary can manage to login through any other users account with valid session cookies.
Affected IP's : IP Address Port
Sanitize all the user inputs before executing them, also add XSS protection headers on server and client side.
Proof of Concept :