Cross-site scripting
Cross-site scripting (XSS) is a vulnerability that allows an attacker to insert client-side script into web pages. It can allow attackers to bypass security and execute their own code. Any input field or text area field that does not appropriately filter user input could be a potential doorway for a hacker to inject their XSS code into your website.
We can simulate this vulnerability by removing the input filtering on one of the fields in our form in the frontend updfolio view. Edit folio.xml located under /components/com_folio/models/forms and add the following highlighted code:
<field name="company" type="text" class="inputbox"
size="40" label="COM_FOLIO_FIELD_COMPANY_LABEL"
description="COM_FOLIO_FIELD_COMPANY_DESC" required="true" filter="raw" />By adding the raw filter, we tell Joomla! to not filter the input and just accept it as is, which is something you wouldn't normally want to do.
Now via the updfolios view on your frontend, edit one of the records...
