all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting XSS in hidden inputs and meta tags

Add to bookmarks
July 11, 2023, 1 p.m. |

PortSwigger Research portswigger.net

In this post we are going to show how you can (ab)use the new HTML popup functionality in Chrome to exploit XSS in meta tags and hidden inputs. It all started when I noticed the new popover behaviour

chrome exploit exploiting hidden html inputs meta popup tags xss

Visit resource

More from portswigger.net / PortSwigger Research

Making Desync attacks easy with TRACE 1 month, 2 weeks ago | portswigger.net
attacks can constraints easy +8
Using form hijacking to bypass CSP 2 months ago | portswigger.net
bypass can configuration csp +6
Top 10 web hacking techniques of 2023 2 months, 2 weeks ago | portswigger.net
community hacking identify research +7
Hiding payloads in Java source code strings 3 months, 1 week ago | portswigger.net
abuse can code conceal +5
Top 10 web hacking techniques of 2023 - nominations open 3 months, 3 weeks ago | portswigger.net
blog blog posts community hacking +8
Finding that one weird endpoint, with Bambdas 4 months, 3 weeks ago | portswigger.net
act balancing act concepts endpoint +6
Blind CSS Exfiltration: exfiltrate unknown web pages 5 months ago | portswigger.net
css discover exfiltration gif +3
The single-packet attack: making remote race-conditions 'local' 6 months, 2 weeks ago | portswigger.net
attack conditions effectively http +10
How to build custom scanners for web security research automation 7 months ago | portswigger.net
aid attack automation build +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Privacy Engineer, Implementation Review

@ Meta | Menlo Park, CA | Seattle, WA
View on infosec-jobs.com

Cybersecurity Specialist (Security Engineering)

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com

SOC Analyst

@ Rubrik | Palo Alto
View on infosec-jobs.com

Consultant Tech Advisory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com
View more jobs