Interactive cross-site scripting (XSS) cheat sheet for 2026, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

Aug 21, 2024 · XSS Payload 1. Basic XSS Payload Payload: <script>alert (1)</script> Use: This is the most basic test to check if an input field or URL parameter reflects your input directly into the HTML. …

Learn how to test and exploit Cross-Site Scripting (XSS) vulnerabilities including detection, attack vectors and bypass techniques.

Jul 3, 2025 · Secure your web apps! XSS cheat sheet with attack examples, bypass techniques & prevention methods. Essential cybersecurity reference 2025.

This webpage provides a comprehensive guide on crafting and using XSS payloads for testing web application vulnerabilities.

Clicking the button will trigger an alert. However, the difference with this method is that "the user has to take some action" to trigger XSS, such as clicking the button. In the previous example with the img …

Nov 12, 2023 · Crafting XSS payloads is crucial for understanding web application security and ethical hacking, offering educational insights and generic examples for learners.

Feb 18, 2026 · XSS Vectors Cheat Sheet. GitHub Gist: instantly share code, notes, and snippets.

Details and context for the XSS payload: A polyglot that breaks out of an HTML attribute to create an `svg` tag with an `onload` handler.

A polyglot XSS is a type of cross-site scripting (XSS) payload designed to work across multiple contexts within a web application, such as HTML, JavaScript, and attributes. It exploits the application’s …