6Ağu
Is there a potential XSS in this html action attribute?
I'm working on a website and I noticed that if I go to the following URL: website.com/page?alert()
this message is reflected in the action form. I tried to close the action attribute using double quotes in order to try a classic like " onload="alert(1)"
but double quotes are URLencoded if i read the source code. Do you have some suggestion? Or is just a rabbit hole? Thanks
<form method="post" action="./page?alert()" id="cn">
<div class="n">