Vulnerabilities 16

• Lab - Reflected XSS into HTML context with all tags blocked except custom ones Jan 22, 2026
• Stored DOM XSS Jan 20, 2026
• Reflected XSS into HTML context with most tags and attributes blocked Jan 20, 2026
• Stored XSS into anchor href attribute with double quotes HTML-encoded Jan 19, 2026
• Reflected XSS into attribute with angle brackets HTML-encoded Jan 19, 2026
• Reflected XSS into a JavaScript string with angle brackets HTML encoded Jan 19, 2026
• Reflected DOM XSS Jan 19, 2026
• DOM XSS in jQuery selector sink using a hashchange event Jan 19, 2026
• DOM XSS in document.write sink using source location.search inside a select element Jan 19, 2026
• DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded Jan 19, 2026
• Stored XSS into HTML context with nothing encoded Jan 18, 2026
• DOM XSS in jQuery anchor href attribute sink using location.search source Jan 18, 2026
• DOM XSS in innerHTML sink using source location.search Jan 18, 2026
• DOM XSS in document.write sink using source location.search Jan 18, 2026
• Reflected XSS into HTML context with nothing encoded Jan 17, 2026
• XSS:From Browser Parsing to Exploitation Dec 1, 2025