I've started to get my feet wet testing web apps, and I'm trying to make sense of the output that the XSS-Me add-on in Firefox gives you when you run a test on a given page. I've been testing the demo.testfire.net (Altoro Mutual) login page, which tests for numerous XSS vulnerabilities, but the ones in red are showing what appears to be the script tested. It doesn't seem to work when you insert the XSS in the login form... I don't think that's the actual XSS script on the report, but the form in which the script would be inserted... Could someone give me a hand interpreting this output?
Check the report here!
Attachment re-uploaded for anyone not feeling like using Bugmenot to access the report mentioned in the OP:
-Monkeys are like nature's humans.
Sorry... I didn't have anywhere else to upload the file...
But after doing some searching on Google, what XSS-Me is telling you on that report page is that the DOM object is vulnerable to XSS attacks in the form in question... in the form of <SCRIPT>document.property</SCRIPT>... Now it is up to you to find the actual script to insert on that form.
Then again, correct me if I'm wrong.