XSS
1) Reflected XSS into HTML context with nothing encoded2) Stored XSS into HTML context with nothing encoded3) DOM XSS in document.write sink using source location.search4) DOM XSS in innerHTML sink using source location.search5) DOM XSS in jQuery anchor href attribute sink using location.search source6) DOM XSS in jQuery selector sink using a hashchange event7) Reflected XSS into attribute with angle brackets HTML-encoded8) Stored XSS into anchor href attribute with double quotes HTML-encoded9) Reflected XSS into a JavaScript string with angle brackets HTML encoded10) DOM XSS in document.write sink using source location.search inside a select element11) DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded12) Reflected DOM XSS13) Stored DOM XSS14) Reflected XSS into HTML context with most tags and attributes blocked15) Reflected XSS into HTML context with all tags blocked except custom ones16) Reflected XSS with some SVG markup allowed17) Reflected XSS in canonical link tag18) Reflected XSS into a JavaScript string with single quote and backslash escaped19) Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped20) Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped21) Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped22) Exploiting cross-site scripting to steal cookies23) Exploiting cross-site scripting to capture passwords
PreviousExploiting XXE to retrieve data by repurposing a local DTDNext1) Reflected XSS into HTML context with nothing encoded
Was this helpful?