mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00

Files

T

copilot-swe-agent[bot] ba72efbc5e Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:01:04 +00:00

README.md

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

xss-payloads.txt

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

Cross-Site Scripting (XSS)

Description

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Types of XSS

Reflected XSS: Script is reflected off the web server
Stored XSS: Script is permanently stored on the target server
DOM-based XSS: Vulnerability exists in client-side code

Common Attack Vectors

Input fields
URL parameters
HTTP headers
File uploads
Comment sections

Testing Approach

Submit JavaScript code in various input points and observe if the code gets executed in the browser.

Payloads

See xss-payloads.txt for a comprehensive list of XSS payloads.