How to Upgrade Your XSS Bugs from Medium to Critical

Photo by Paul Esch-Laurent on Unsplash

TL;DR: Before you report an XSS, look for ways it can be leveraged to increase severity. Here’s my repo containing weaponised JavaScript payloads for popular platforms like Wordpress and Drupal. More will be added in the coming weeks.

It feels like every day that I see another under-leveraged XSS writeup hit my Twitter feed. I saw another one today, I don’t want to name and…