OWASP ZAP WAVE - Cross Site Scripting (XSS)

Examples

• Simple XSS in a form parameter
• Simple XSS in a URL parameter
• Simple XSS in a cookie parameter
• Simple XSS in a form parameter if its converted to a URL parameter
• XSS in a form parameter with the script tag being stripped out
• XSS in a URL parameter with the script tag being stripped out
• XSS in a form parameter with an anti CSRF token

Not yet implemented

• XSS in an image tag