
Cross-site scripting is a classic well-known type of attack that is possible because some software applications take user input in an insecure way. This happens via search fields, survey forms, cookies, and online web forms.
Types → Reflected XSS, Stored XSS, and DOM XSS.
Reflected XSS → This attack occurs when a malicious script is reflected in the website’s results.
Payloads are:
'-alert("XSS")-'



'-alert(document.cookie)-'



'-alert(document.domain)-'



'-alert(document.location="http://www.bing.com")-' | (301 Moved Permanently)
Here comes the POC
Thanks for reading! I hope this helps,
happy learning buddies! 🙂