да нет это я читал много раз и не только это.к mozilla есть дополнение как xss me посе установки находится в контекстном меню я как понял работает как сканер уязвимости xss запускаеш и в этоге выдает это (запустил на pogoda.mail.ru)

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: [\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.

Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.

Tested value: document.vulnerable=true;;

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.

Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.

Tested value: " onmouseover="document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.

Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.

Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//-->
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//-->
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: &{document.vulnerable=true;};
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: &document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: +ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true'); ?>

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: cript:document.vulnerable=true">

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: ]]

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: BODY{background:url("javascript:document.vulnerable=true")}
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: .XSS{background-image:url("javascript:document.vulnerable=true");}
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: exp/*
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: @im\port'\ja\vasc\ript:document.vulnerable=true';
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: ¼script¾document.vulnerable=true;¼/script¾
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: li {list-style-image: url("javascript:document.vulnerable=true;");XSS
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: \";document.vulnerable=true;;//
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: a=/XSS/\ndocument.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
This field passed 77 tests. To see all the passed results, go to Tools->XSS Me->Options and click 'Show passed results in final report' and rerun this test.
q
Submitted Form State:

* unnamed field:
* fr: weather_form

Results:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: [\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: " onmouseover="document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//-->
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//-->
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: &{document.vulnerable=true;};
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: &document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: +ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true'); ?>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: cript:document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: ]]
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: BODY{background:url("javascript:document.vulnerable=true")}
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: .XSS{background-image:url("javascript:document.vulnerable=true");}
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: exp/*
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: @im\port'\ja\vasc\ript:document.vulnerable=true';
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: ¼script¾document.vulnerable=true;¼/script¾
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: li {list-style-image: url("javascript:document.vulnerable=true;");XSS
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: \";document.vulnerable=true;;//
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: a=/XSS/\ndocument.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
This field passed 77 tests. To see all the passed results, go to Tools->XSS Me->Options and click 'Show passed results in final report' and rerun this test.
email
Submitted Form State:

* list_id: 1830
* theme: content_new
* unnamed field: Подписаться

Results:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: [\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: " onmouseover="document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//-->
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//-->
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: &{document.vulnerable=true;};
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: &document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: +ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true'); ?>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: cript:document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: ]]
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: BODY{background:url("javascript:document.vulnerable=true")}
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: .XSS{background-image:url("javascript:document.vulnerable=true");}
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: exp/*
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: @im\port'\ja\vasc\ript:document.vulnerable=true';
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: ¼script¾document.vulnerable=true;¼/script¾
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: li {list-style-image: url("javascript:document.vulnerable=true;");XSS
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: \";document.vulnerable=true;;//
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: a=/XSS/\ndocument.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;//
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true;
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: document.vulnerable=true">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value:

Добавлено через 1 минуту
что мне делать с этим??? как это можно использовать....... help me !!!!! pleaz!!!!!

danyobil, раз ты читал, то что ты конкретно не понимаешь? Программа тебе находит уязвимые части сайта, например где сайт не использует фильтры. Твоя задача в получиный url вбить пасивный XSS код и использовать по своему назначению..

Читай, за тебя никто делать не будет. Не так уж трудно все это понять

Norton710...большое тебе спасиббо что ты хотя бы один отвечаеш мне.руками ннаходил пассивки знаю как ими пользоваться. но руками долго...а вот не давно нашел статью про(xss me) это дополнение к мозиле на видео показано как она работает а что дальше делать незнаю.вот например как я могу использовать
Tested value: document.vulnerable=true">
или какую нибудь другую.Можеш объяснить на примере???

если можеш напиши в личку.