HTML Injection on a web page that does not accept data entry?

47 views Asked by At

Can HTML Injection or XSS Injection be done on a web page that does not accept data entry (search, username, password, etc.)?

1

There are 1 answers

2
Marek Puchalski On BEST ANSWER

Yes. DOM-Based XSS vulnerability does not need a REST endpoint to even exist. The attack goes directly to the DOM model of the web page. Actually one of the most troublesome versions of XSS out there.