Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Burp not reporting XSS issues

Chadwick Glynn Jul 24, 2019 03:26PM UTC

I've been using Burp for about 2 years, and Burp has been great at reporting XSS on our websites. It does not report it via normal scanning (1.x), it would report the issue if i found a XSS manually using proxy intercept.

Recently, I found a number of XSS manually using a simple alert script (<script>alert(1)</script>) on a number of different web pages, but no XSS issues are showing up in the site map tab for the website as i expected. The contents show my modified requests, as well as the alert script showing the the response.


Liam Tai-Hogan Jul 25, 2019 03:05PM UTC Support Center agent

Would it be possible to send us the requests and responses displaying the issues that Burp isn’t finding?

You can send any sensitive information to support@portswigger.net.


Chadwick Glynn Jul 26, 2019 03:45PM UTC
I emailed the data a short time ago. Thanks!

Post Your public answer

Your name
Your email address
Answer