XSS Vulnerability Demo
Practice detecting XSS (Cross-Site Scripting) vulnerabilities. This is a safe demo environment.
Educational Purpose Only
This demo shows how XSS works. NEVER attempt these attacks on real websites without permission.
Prevention Methods
- Escape HTML entities (< > ")
- Use Content Security Policy (CSP)
- Validate and whitelist input
- Use frameworks with auto-escaping
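As an added example that is not part of the original demo page, the first prevention method above implemented in JavaScript: an HTML-entity escaper applied before untrusted text is placed into markup. It goes slightly beyond the list by also escaping & and ', and the function names are this example's own.

```javascript
// Added example (not part of the original demo page). Escapes the characters
// that let untrusted text change how a browser parses markup or a quoted
// attribute value: & < > " and '. The page's list names < > "; & and ' are
// added here because they also break out of text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape a value for insertion as element text or inside a quoted attribute.
// Non-string input is coerced to a string first so numbers and null are safe.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe rendering: untrusted input is concatenated straight into markup.
// This is the pattern a stored or reflected XSS demo exercises; kept here
// only to contrast with the escaped version below.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// Safe rendering: same template, but the untrusted value is escaped first,
// so a submitted tag is shown as literal text instead of being parsed.
function renderCommentSafe(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>';
}

// Constructed sample input of the kind the demo page lets you submit; it is
// inert here because the output is only printed, never handed to a browser.
const sample = '<script>alert(1)</script>';
console.log(renderCommentUnsafe(sample)); // tag reaches the output verbatim
console.log(renderCommentSafe(sample));   // &lt;script&gt;alert(1)&lt;/script&gt;
```

Escaping is context-specific: this function covers element text and quoted attribute values, not JavaScript strings, URLs, or CSS, which need their own encoders.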
Types of XSS
- Stored: Payload saved in database
- Reflected: Payload in URL/request
- DOM-based: Client-side manipulation
Automation Tips
- Payload Testing: Inject XSS payloads and check if scripts execute
- Output Validation: Verify special characters are escaped in the response
- Tools: Use OWASP ZAP, Burp Suite, or XSS Hunter for detection
- CSP Check: Verify the Content-Security-Policy header is present