Xss(mapping=None, *, ignore_unknown_fields=False, **kwargs)Information reported for an XSS.
Attributes | |
|---|---|
| Name | Description |
stack_traces |
MutableSequence[str]
Stack traces leading to the point where the XSS occurred. |
error_message |
str
An error message generated by a javascript breakage. |
attack_vector |
google.cloud.websecurityscanner_v1.types.Xss.AttackVector
The attack vector of the payload triggering this XSS. |
stored_xss_seeding_url |
str
The reproduction url for the seeding POST request of a Stored XSS. |
Classes
AttackVector
AttackVector(value)Types of XSS attack vector.
Values: ATTACK_VECTOR_UNSPECIFIED (0): Unknown attack vector. LOCAL_STORAGE (1): The attack comes from fuzzing the browser's localStorage. SESSION_STORAGE (2): The attack comes from fuzzing the browser's sessionStorage. WINDOW_NAME (3): The attack comes from fuzzing the window's name property. REFERRER (4): The attack comes from fuzzing the referrer property. FORM_INPUT (5): The attack comes from fuzzing an input element. COOKIE (6): The attack comes from fuzzing the browser's cookies. POST_MESSAGE (7): The attack comes from hijacking the post messaging mechanism. GET_PARAMETERS (8): The attack comes from fuzzing parameters in the url. URL_FRAGMENT (9): The attack comes from fuzzing the fragment in the url. HTML_COMMENT (10): The attack comes from fuzzing the HTML comments. POST_PARAMETERS (11): The attack comes from fuzzing the POST parameters. PROTOCOL (12): The attack comes from fuzzing the protocol. STORED_XSS (13): The attack comes from the server side and is stored. SAME_ORIGIN (14): The attack is a Same-Origin Method Execution attack via a GET parameter. USER_CONTROLLABLE_URL (15): The attack payload is received from a third-party host via a URL that is user-controllable