You need to sign in to do that
Don't have an account?
Starting November 20, the site will be set to read-only.
On December 4, 2023,
Apex Code Development (90768)
General Development (55146)
Visualforce Development (37251)
Lightning (18265)
APIs and Integration (17146)
Trailhead (11680)
Formulas & Validation Rules Discussion (11337)
Other Salesforce Applications (8116)
Jobs Board (6655)
Force.com Sites & Site.com (4842)
Mobile (2694)
You need to sign in to do that
Don't have an account?
This looks a lot like automated XSS scanner query.
Do you have a contact named: 72aa<script>alert('a');</script>aab33?
Hi,
No, this is done through HTTPS intercepting within BURP. It clearly modified the URL as there are no insertion points in our code for this URL. I believe the issue lies within the response from Salesforce as it seems to be returning an error regarding the SOQL query. When it returns the message, it also returned the script, which in turned caused alarm in BURP.
I don't know whether to call this a false positive as the script does nothing to execute this code in any way.