Path:/loginVulnerabilities:Cross-sitescripting (reflected), DOM data manipulation (reflectedDOM-based)
Vulnerability 1: Cross-site scripting (reflected)
testing
<script>alert(1)</script>
Everytime this gives same error message when suppied wrong username or password.
This means that this is also a false positive result shown by the scanner.
Vulnerability 2: DOM data manipulation (reflected DOM-based)
This vulnerability also didn't work as there is no URL parameter to add the payload we used before like <b> VISHAL</b> . Also, Every time same error message that is "Invalid Username and password" is shown.
This means that this is also a false positive result shown by the scanner.
