10 Feb
What are the risks of XSS in this form?
I recently developed a website that was operational for me ^^
However, someone came to try injections and found an XSS flaw.
I have a form like this:
<h2>
<span>Search</span>
</h2>
<div class="col-xs-12">
<input id="in" type="text" name="in" value="" required="" placeholder="value">
</div>
When he enters
"><script>alert(1)</script>
in the form, this changes my HTML like this:
<h2>
<span>Search</span>
</h2>
<div class="col-xs-12">
<input id="in" type="text" name="in" value="\">
<script>alert(1)</script>
" required placeholder="value">
</div>
And it shows me the famous pop-up with the value 1.
Being a beginner, I can't see how this can be dangerous, since the attacker can only execute his script on his client side, right?
Or can he execute code that allows access to my database?
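The markup change described in the question, as an added example that is not part of the original post: the same input rendered by plain string concatenation and again with the attribute value HTML-encoded. The site's server code is not shown on the page, so the JavaScript rendering and all function names here are assumptions.

```javascript
// Added example, not the site's real code: all function names are hypothetical.
const PAYLOAD = '"><script>alert(1)</script>'; // the input quoted in the question

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the submitted value is concatenated into the attribute as-is.
function renderUnsafe(value) {
  return '<input id="in" type="text" name="in" value="' + value +
    '" required placeholder="value">';
}

// Hardened: the value is HTML-encoded before it goes into the attribute.
function renderSafe(value) {
  return '<input id="in" type="text" name="in" value="' + escapeHtml(value) +
    '" required placeholder="value">';
}

// Simplified tag scanner (not a full HTML parser): lists opening tags,
// treating '>' inside a quoted attribute value as data.
function tagNames(html) {
  const names = [];
  let i = 0;
  while ((i = html.indexOf('<', i)) !== -1) {
    const m = /^<\/?([a-zA-Z][a-zA-Z0-9]*)/.exec(html.slice(i));
    if (!m) { i += 1; continue; }
    if (m[0][1] !== '/') names.push(m[1].toLowerCase());
    let quote = null;
    for (i += m[0].length; i < html.length; i++) {
      const c = html[i];
      if (quote) { if (c === quote) quote = null; }
      else if (c === '"' || c === "'") quote = c;
      else if (c === '>') { i += 1; break; }
    }
  }
  return names;
}

console.log(tagNames(renderUnsafe(PAYLOAD))); // value breaks out of the attribute
console.log(tagNames(renderSafe(PAYLOAD)));   // value stays inside the attribute
console.log(renderSafe(PAYLOAD));
```

With encoding applied, the browser shows the submitted text back in the search box as literal characters instead of parsing it as markup.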