Merge pull request #504 from bugcrowd/updates-to-xxs-ie-eleven

Depreciation of IE11 XSS findings and update to IE Only as P5

submissions/description/cross_site_scripting_xss/ie_only/template.md

@@ -2,18 +2,16 @@
 
 ## Overview of the Vulnerability
 
-Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the Javascript executes within that user’s browser in the context of the domain. This instance of XSS can be found on the domain which allows an attacker to control code that is executed within a user’s Internet Explorer browser.
-
-From here, an attacker could carry out any actions that the user is able to perform, including accessing any of the user's data and modifying information within the user’s permissions. This can result in modification, deletion, or theft of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session.
+Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the Javascript executes within that user’s browser in the context of the domain. This instance of XSS can be found on the domain which allows an attacker to control code that is executed within a user’s Internet Explorer browser. From here, an attacker could carry out any actions that the user is able to perform, including accessing any of the user's data and modifying information within the user’s permissions.
 
 ## Business Impact
 
-XSS could lead to data theft through the attacker’s ability to manipulate data through their access to the application, and their ability to interact with other users, including performing other malicious attacks, which would appear to originate from a legitimate user. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.
+XSS could result in reputational damage for the business through the impact to customers’ trust.
 
 ## Steps to Reproduce
 
 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
-1. Use an Internet Explorer 11 browser to navigate to: {{URL}}
+1. Use an Internet Explorer browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
 
 ```HTTP
@@ -25,6 +23,6 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 
 ## Proof of Concept (PoC)
 
-Below is a screenshot demonstrating the injected JavaScript executing:
+The following screenshot(s) demonstrate(s) this vulnerability:
 
 {{screenshot}}