XSS

• Nov 11, 2025 Authentication Vulnerabilities: Lab 12: Password brute-force via password change
• Nov 10, 2025 Authentication Vulnerabilities: Lab 10: Password reset broken logic
• Nov 10, 2025 Authentication Vulnerabilities: Lab 11: Password reset poisoning via middleware
• Nov 10, 2025 Authentication Vulnerabilities: Lab 9: Offline password cracking after stealing user session cookie via xss
• Oct 3, 2025 DOM XSS Lab 5: jQuery :contains() selector sink with location.hash source
• Oct 1, 2025 DOM XSS Lab 4: jQuery anchor href sink with location.search source
• Sep 30, 2025 DOM XSS Lab 3: Exploiting innerHTML with location.search in the Search Message
• Sep 29, 2025 DOM XSS Lab 2: Exploiting document.write with location.search in Select Elements