23Eki
Is this a type of XSS attack?
I have been exploring customer support in a website as part of bug bounty program.
I then started a chat with their customer support and pasted the following in the box:
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
Without sending the message. Immediately, I got an alert in the browser.
Is this considered a threat? and how it is possible to impact?