Burp not reporting XSS issues
I've been using Burp for about 2 years, and Burp has been great at reporting XSS on our websites. It does not report it via normal scanning (1.x), it would report the issue if i found a XSS manually using proxy intercept.
Recently, I found a number of XSS manually using a simple alert script (<script>alert(1)</script>) on a number of different web pages, but no XSS issues are showing up in the site map tab for the website as i expected. The contents show my modified requests, as well as the alert script showing the the response.
Would it be possible to send us the requests and responses displaying the issues that Burp isn’t finding?
You can send any sensitive information to email@example.com.