Recently, we discovered a cross-site scripting vulnerability during a penetration test, which was only made possible using a third-party plugin. What was surprising: the vulnerability seemed to occur only when the website used a specific language. As a result, we took a closer look.
Cross Site Scripting
From a high level, cross site scripting (short: XSS) can be described as the embedding of foreign code into a trusted context for execution.