You are reviewing a report from your FortiWeb logs and notice a JavaScript payload like < script > document.cookie < /script > is submitted through a product review form. The page doesn’t filter the script, and when users view the review, their session cookies are exposed.
Why is this attack dangerous?
Submit