September 14, 2021

Would this specific type of situation be considered an XSS vulnerability?

Hi. I found a website which has a search bar. The search bar sends a GraphQL query for each input change. If it does not find something, it will return with the exact search query and display ‘No results found …’, where ‘…’ is the search query.

If I put the search with a script tag that alerts something and some other specific words, it will return the query and run it on the browser and the alert shows. The thing is, I am not really sure how GraphQL works. The URL of the webpage does not change. I can also see that a GraphQL query was made and it returned the search query (through Chrome Dev Tools Network tab).

Would this be considered an XSS vulnerability?
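The rendering step described in the question, as an added example that is not part of the original post and not the site's code: the echoed search term from the GraphQL response is placed into the "No results found" message, once raw and once HTML-escaped. The response shape, the function names and the string-concatenation template are assumptions; the sample response is constructed.

```javascript
// Constructed sample. The field names are an assumption: the post only says
// the GraphQL response carries the search query back to the client.
const sampleResponse = {
  data: { search: { results: [], query: '<script>alert(1)</script> shoes' } },
};

// Vulnerable pattern (assumed): the echoed term is concatenated into markup
// that the client then hands to a sink which parses it as HTML.
function renderNoResultsUnsafe(response) {
  return '<p>No results found ' + response.data.search.query + '</p>';
}

// Characters that change meaning in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: the term is encoded for the HTML context before it is
// inserted. In a browser, assigning the term to textContent achieves the
// same result without building markup by hand.
function renderNoResultsSafe(response) {
  return '<p>No results found ' + escapeHtml(response.data.search.query) + '</p>';
}

// Regression check usable in a unit test: after removing the <p> wrapper the
// template itself adds, any remaining '<' came from the untrusted term.
function containsLiveMarkup(html) {
  const inner = html.replace(/^<p>/, '').replace(/<\/p>$/, '');
  return inner.includes('<');
}

console.log(renderNoResultsUnsafe(sampleResponse));
console.log(renderNoResultsSafe(sampleResponse));
```

The URL not changing does not matter to this check: what decides the outcome is whether the value from the response reaches the page encoded or as markup.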
