Skip to content

Horizon3.ai Docs

H3 2022 0001

Horizon3.ai Docs

Home
Quickstart
Quickstart
- Setup NodeZero Host
  Setup NodeZero Host
- Run an Internal Pentest
  Run an Internal Pentest
Portal
Portal
- Test Types
  Test Types
  - Internal Pentest
    
    Internal Pentest
  - External Pentest
    
    External Pentest
    
    Create an Asset Group
    
    Run Asset Discovery
    
    Authorize Assets
    
    Run External Pentest
  - AWS Pentest
    
    AWS Pentest
  - Azure Entra ID
    
    Azure Entra ID
  - Kubernetes Pentest
    
    Kubernetes Pentest
    
    Operator ClusterRole CRD
    
    Pentest & Runner ClusterRole CRD
  - AD Password Audit
    
    AD Password Audit
  - Segmentation Test
    
    Segmentation Test
  - Phishing Test
    
    Phishing Test
    
    The NodeZero Phishing Script
  - Insider Threat Test
    
    Insider Threat Test
  - Rapid Response
    
    Rapid Response
    
    Alerts
    
    Alerts
    
    Rapid Response Activity Cards
    
    Rapid Response Activity Cards
    
    Targeted Tests
    
    Targeted Tests
  - 1-Click Verify
    
    1-Click Verify
- Portal Settings
  Portal Settings
  - Set a Proxy
    
    Set a Proxy
  - Email Notifications
    
    Email Notifications
  - Pentest Templates
    
    Pentest Templates
  - User Management
    
    User Management
  - Client Management
    
    Client Management
  - Single Sign-On (SSO)
    
    Single Sign-On (SSO)
  - IDentity Provider (IdP) Guides
    
    IDentity Provider (IdP) Guides
    
    Azure
    
    Okta
- Features
  Features
  - Attack Configuration
    
    Attack Configuration
    
    Remote Access Tool
  - BloodHound
    
    BloodHound
  - Injecting Credentials
    
    Injecting Credentials
    
    Injecting an AWS Role
    
    Injecting an Azure MFA Credential
  - Schedules
    
    Schedules
  - Co-Branding
    
    Co-Branding
Tripwires
Tripwires
- Getting Started
- Management
- Alerts
- Settings
  Settings
Insights
Insights
CLI
CLI
- Getting Started
- Guides
  Guides
API
API
- API Reference
  API Reference
Release Notes
Release Notes
- 2024.12
- 2024.11
- 2024.10
- 2024.09
- 2024.08
- 2024.07
- 2024.06
- 2024.05
- 2024.04
- 2024.03
- 2024.02
- 2024.01
Downloads
Downloads
- NodeZero Host VM (OVA/VHD)
  NodeZero Host VM (OVA/VHD)
  - N0 utility
- Host Check Script
- Splunk App
- Ubuntu Setup Script
Knowledge Base
Knowledge Base
- NodeZero Modules
  NodeZero Modules
  - Cyanide
    
    Cyanide
- Glossary
  Glossary
- Sensitive Data
  Sensitive Data
- Weaknesses
  Weaknesses
- Exposure Score

H3-2022-0001

Web Application Cross Site Scripting Vulnerability


Category	`VULNERABILITY`
Base Score	`6.1`

Description

Cross-site scripting is an client-side attack method that injects malicious code such as JavaScript or iFrames into a vulnerable web application to exploit users of the application.

Impact

This attack permits unauthenticated remote attackers to gain the privileges of exploited users of the web application. The extent of impact depends on the permissions that exploited users have within the application.

References

Cross Site Scripting (XSS)