XSS in Hidden Input Fields

At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it’s behaving properly. Whilst doing this recently, Liam found a Cross-Site Scripting (XSS) vulnerability in [REDACTED], inside a hidden input element: <input type="hidden" name="redacted" value="default" injection="xss" /> XSS in hidden inputs is frequently very difficult […]