Ok so I just wanted to know, is this necessarily a XSS vulnerability, as it does not output the results as such?
For example:
if($_GET['doRedirect'] == "yes") {
//redirect Page
} else {
//dont redirect page
}
then
http://example.com?doRedirect=yes
I have read up on all of the XSS stuff and thought I had a good understanding of it, although now im slightly confused. Is XSS only possible if the user input is then output on the page?
Many thanks :)