AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.

Cross-Site Scripting and HTML Injection Testing

Purpose

Execute comprehensive client-side injection vulnerability assessments on web applications to identify XSS and HTML injection flaws, demonstrate exploitation techniques for session hijacking and credential theft, and validate input sanitization and output encoding mechanisms. This skill enables systematic detection and exploitation across stored, reflected, and DOM-based attack vectors.

Inputs / Prerequisites

Required Access

• Target web application URL with user input fields
• Burp Suite or browser developer tools for request analysis
• Access to create test accounts for stored XSS testing
• Browser with JavaScript console enabled