XSS 24

• Exploiting XSS to bypass CSRF defenses Jan 18, 2025
• Exploiting cross-site scripting to capture passwords Jan 18, 2025
• Exploiting cross-site scripting to steal cookies Jan 18, 2025
• Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped Jan 17, 2025
• Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped Jan 17, 2025
• Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped Jan 10, 2025
• Reflected XSS into a JavaScript string with single quote and backslash escaped Jan 10, 2025
• Reflected XSS in canonical link tag Jan 10, 2025
• Reflected XSS with some SVG markup allowed Jan 10, 2025
• Reflected XSS into HTML context with all tags blocked except custom ones Jan 10, 2025
• Reflected XSS into HTML context with most tags and attributes blocked Jan 9, 2025
• Stored DOM XSS Jan 9, 2025
• Reflected DOM XSS Jan 8, 2025
• DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded Jan 8, 2025
• DOM XSS in document.write sink using source location.search inside a select element Jan 7, 2025
• Reflected XSS into a JavaScript string with angle brackets HTML encoded Jan 6, 2025
• Stored XSS into anchor href attribute with double quotes HTML-encoded Jan 6, 2025
• Reflected XSS into attribute with angle brackets HTML-encoded Jan 6, 2025
• DOM XSS in jQuery selector sink using a hashchange event Jan 6, 2025
• DOM XSS in jQuery anchor href attribute sink using location.search source Jan 5, 2025
• DOM XSS in innerHTML sink using source location.search Jan 3, 2025
• DOM XSS in document.write sink using source location.search Jan 3, 2025
• Stored XSS into HTML context with nothing encoded Jan 2, 2025
• Reflected XSS into HTML context with nothing encoded Jan 2, 2025