I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.
Here’s a small #XSS list for manual testing (main cases, high success rate).
"><img src onerror=alert(1)>
Try it on:
– URL query, fragment & path;
– all input fields.
From the BruteLogic Twitter account: https://twitter.com/brutelogic
Hitachi HIRT xss reflected
How I was able to discover a Stored XSS vulnerability in Charitybuzz.com – Binit Ghimire
How I discovered a Stored XSS vulnerability in 1MB.site – Binit Ghimire
How I was able to Discover a Stored Cross-site Scripting (XSS) vulnerability in Flaticon – Binit Ghimire
My name is Ismail Tasdelen, and I am a security researcher. In this article, I created a resource for you to get better information about XSS. There are many XSS bypass payloads in this resource, and there are a lot of technical sources. I hope that it will be useful.