Jineeshak · July 1, 2024 05:31
diff --git a/XSS b/XSS
 metadata:
  language: v1-beta
  name: "XSS SUS"
  description: "Identify parameters that may be vulnerable to Cross-Site Scripting (XSS)."
  author: "@Jineesh AK"
  tags: "XSS"

 given request then
  if {latest.request.url} matches "\b(\?|&)(name|text|message|comment|description|content|search|query|title|email|username|user|input|output|data|keyword|q|s|p|value|id|item|key|info|details|address|location|number|code|lang|language|subject|body|param|parameter|tag|post|review|feedback|status|note|blog|article)=\b" then
    report issue:
      severity: info
      confidence: tentative
      detail: "Parameter detected that may be vulnerable to Cross-Site Scripting (XSS)."
      remediation: "Validate and sanitize input for the detected parameter to prevent XSS vulnerabilities."
  end if
	metadata:
	language: v1-beta
	name: "XSS SUS"
	description: "Identify parameters that may be vulnerable to Cross-Site Scripting (XSS)."
	author: "@Jineesh AK"
	tags: "XSS"

	given request then
	if {latest.request.url} matches "\b(\?\|&)(name\|text\|message\|comment\|description\|content\|search\|query\|title\|email\|username\|user\|input\|output\|data\|keyword\|q\|s\|p\|value\|id\|item\|key\|info\|details\|address\|location\|number\|code\|lang\|language\|subject\|body\|param\|parameter\|tag\|post\|review\|feedback\|status\|note\|blog\|article)=\b" then
	report issue:
	severity: info
	confidence: tentative
	detail: "Parameter detected that may be vulnerable to Cross-Site Scripting (XSS)."
	remediation: "Validate and sanitize input for the detected parameter to prevent XSS vulnerabilities."
	end if