I have a question regarding xss injection which i couldn't find it with Google. So after reading about xss injection and done some test on my web app project i identified some vulnerable spots. The behavior is the following:
-if i input a code similar to this one <script>alert(document.cookie)</script>"> on a form, the customized page error appears.
My question is: this means that the app is vulnerable and an advanced security user can pass customized page error and see the error code which can use it to sql injection for example.
Thanks in advanced,
Dan Claudiu Pop