Frequently asked questions
Learn more about how XSSR (XSSRush) works, the difference between plans, and how to get started.
XSSR (also known as XSSRush) is an automatic XSS scanner built to detect cross-site scripting vulnerabilities in web applications. It supports multiple scanning methods, including reflected, DOM-based, and parameter-based testing.
XSSR Standard focuses on speed and simplicity, scanning for reflected and POST-based XSS vulnerabilities.
XSSR Pro offers advanced detection, supporting reflected, POST-based, DOM-based, path-based, header-based XSS, and hidden parameter brute forcing for deeper analysis.
XSSR Pro offers advanced detection, supporting reflected, POST-based, DOM-based, path-based, header-based XSS, and hidden parameter brute forcing for deeper analysis.
Yes. XSSR Standard is completely free to use and includes fast scanning for reflected and POST-based XSS vulnerabilities.
For advanced features such as DOM-based, header-based, path-based, and hidden parameter scanning, you can upgrade to XSSR Pro, our paid version designed for deeper and more complex analysis.
For advanced features such as DOM-based, header-based, path-based, and hidden parameter scanning, you can upgrade to XSSR Pro, our paid version designed for deeper and more complex analysis.
Yes. XSSR stores the URLs you submit and the scan results so you and other users can view past scans and learn from shared findings.
However, we do not store or process any private or sensitive data. All submitted data and results are publicly accessible, making XSSR a transparent and community-driven scanning platform.
Absolutely. You can upgrade to XSSR Pro at any time to unlock all advanced scanning modules and premium features.
Your account data and past scans from XSSR Standard will remain available after upgrading.
Don't Just Take Our Word For It
Companies worldwide trust N45HT with their security research and responsible disclosures.
“Again thank you and we wish you the best of luck with your hunting!”
“Thank you very much for your report.”
Bandicam
Screen recording software company
“Kami ucapkan terima kasih atas partisipasi Anda karena telah menemukan Bug yang terdapat di KASKUS.”
KASKUS
Indonesian online forum
“We are deeply grateful for the security issue you shared with us.”
OLX
Global online marketplace
“Thanks very much for participating in the Alibaba Vulnerability Reward Program!”
Alibaba
Chinese multinational technology company
“Thank you for your kind report!”
UnblockVPN
VPN service provider
“Greetings! Thank you for being part of the security community and for your responsible disclosure of this vulnerability.”
Shutterfly
American photography and image sharing company
“Terima kasih buat bantuannya, DomaiNesians. 😁”
DomaiNesia
Indonesian web hosting company
“We look forward to your continuous support in future.”
Samsung
South Korean multinational electronics corporation
“The safety of our users is of utmost importance to us, so we thank you for your report and dedication to keeping our eBay community safe.”
eBay
American multinational e-commerce corporation
“Your effort has been acknowledged on our program page and we hope to have the opportunity to collaborate with you again in the future.”
Toyota
Japanese multinational automotive manufacturer
“Thank you for all your efforts!”
httpstatus.io
Web debugging tool
“Your hard work is both appreciated and valued, thank you once again for reporting your findings!”
New Work SE
Hamburg, Germany
“Terimakasih atas laporannya, sekali lagi kami ucapkan terimakasih.”
Rumahweb
Indonesian web hosting company
“Thank you for helping Razer secure its customers' information.”
Razer Inc.
American-Singaporean multinational corporation and technology company
“Thank you for helping keep xiaomi secure!”
Xiaommi
Chinese multinational corporation and technology company
“This is very helpful.”