Cross-site scripting archivos - cyberhub.es

Exploiting cross-site scripting to capture passwords

Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

Exploiting XSS to bypass CSRF defenses

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Reflected XSS into a JavaScript string with single quote and backslash escaped

Reflected XSS in canonical link tag

Reflected XSS with some SVG markup allowed

Reflected XSS into HTML context with all tags blocked except custom ones

Reflected XSS into HTML context with most tags and attributes blocked