Prove XSS in value tag without alertbox

2018-04-10 10:30:39

While testing a website that has a responsible disclosure policy, I found out that I can insert code and close the tag and insert some text of my own:

Now sure I can send them an email showing them I can insert text and

javascript:

onload= (and onmouseover, onfocus etc.)

onload: