If you use string interpolation by echoing a vulnerable variable inside double quotes, the script does not seem to detect the vulnerability.
Source Code:
code.py Result:
The only place it finds XSS is in line 5, where the variable is echoed by itself. But in line 7, it should detect and report the XSS as well.
If you use string interpolation by echoing a vulnerable variable inside double quotes, the script does not seem to detect the vulnerability.
Source Code:
code.py Result:
The only place it finds XSS is in line 5, where the variable is echoed by itself. But in line 7, it should detect and report the XSS as well.