I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.
Here’s a small #XSS list for manual testing (main cases, high success rate).
"><img src onerror=alert(1)>
Try it on: – URL query, fragment & path; – all input fields.
From BruteLogic Twitter account : https://twitter.com/brutelogic
How I was able to discover a Stored XSS vulnerability in Charitybuzz.com – Binit Ghimire
How I discovered a Stored XSS vulnerability in 1MB.site – Binit Ghimire
How I was able to Discover a Stored Cross-site Scripting (XSS) vulnerability in Flaticon – Binit Ghimire