That doesn't look like a new attack vector, this is called phishing, isn't it?
XSS means you can inject and persist code in a webpage maintaining the same URL accessed by other users.
If you create a bigbank-fake.com and copy a manipulated version of bigbank.com's HTML, this is not XSS.
That doesn't look like a new attack vector, this is called phishing, isn't it?
XSS means you can inject and persist code in a webpage maintaining the same URL accessed by other users.
If you create a bigbank-fake.com and copy a manipulated version of bigbank.com's HTML, this is not XSS.