Cornelius Donkor's Work | Contra

Ethical hacker finding and reporting critical web flaws

This is a classic XSS vulnerability in a web app

The screenshot shows a successful Cross-Site Scripting (XSS) test on the OWASP Juice Shop application. A malicious payload (<script>alert('xss')</script>) was injected into the search function, triggering a JavaScript alert popup. This confirms that user input is not properly sanitized and is executed in the browser. An attacker can steal session cookies and impersonate users.

Impact:
- Log in as the victim without credentials
- Access sensitive data (emails, dashboards, payments)
- Full account takeover in many cases