XSS Explained - Learn cross-site scripting with examples

A beginner-friendly guide to cross-site scripting using Kurukshetra, an intentionally vulnerable XSS practice lab.

25 November 2022 · 4 min

Mitigating XSS Vulnerability

Learn practical ways to reduce cross-site scripting risk with output encoding, validation, CSP, and safer development habits.

20 August 2022 · 5 min

Challenge 1 - Stored cross-site scripting attack

Practice stored XSS in a vulnerable lab and learn how malicious input can be saved and shown to other users.

13 December 2022 · 5 min

Challenge 2 - Reflected cross-site scripting attack

Practice reflected XSS in a vulnerable lab and learn how it differs from stored XSS during testing.

4 January 2023 · 2 min

Challenge 3 - XSS bypass blacklist HTML tags

Practice bypassing weak XSS tag filters and learn why blacklist-based validation is not enough.

13 January 2023 · 4 min

Challenge 14: XSS bypass blacklisted JS function

This article goes into depth discussing an alternative JavaScript function, namely “confirm()”. It serves as an alternative for the JavaScript “alert()” function when the latter is unavailable.

21 March 2023 · 4 min

Challenge 13: XSS in HTML Anchor Tag

Check out how a security risk can arise from an improperly configured dynamic link generation tag and which can result in XSS exploitation.

16 March 2023 · 4 min

Challenge 12: XSS CSP bypass through remote payload

Learn how to bypass a misconfigured CSP policy and how it can lead to the successful exploitation of cross-site scripting vulnerability.

11 March 2023 · 5 min

Challenge 11: XSS CSP bypass through an inline script

Learn how a misconfigured CSP can be bypassed, potentially leading to the successful exploitation of cross-site scripting vulnerability.

4 March 2023 · 5 min

Challenge 10: XSS bypass backslash escape

Check out how the XSS can be exploited in the HTML tags and learn more about tag-based XSS payload.

28 February 2023 · 5 min

Challenge 9: XSS in the hidden input field

Check out how the XSS can also be exploited in hidden input parameter fields with examples.

24 February 2023 · 5 min

Challenge 8: XSS bypass improper output encoding

Learn how the partially implemented HTML output encoding can be bypassed for exploiting XSS vulnerability using the HTML5 attributes

20 February 2023 · 4 min