Collecting XSS Subreddit Payloads

Having a good collection of Cross-Site Scripting (XSS) payloads is useful when you want to thoroughly test a web site’s ability to defend itself from being exploited. In most cases you can just run any one or more open source and/or commercial scanning tools to test your web site.

Do NOT use alert(1) in XSS

Truffle Security relaunches XSS Hunter tool with new features

What is Cross-site Scripting (XSS)? Stored, DOM & Reflected Examples

Collecting Payloads From CTF PCAPs, by Px Mx

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

A Census of Deployed Pulse Connect Secure (PCS) Versions, NCC Group Research Blog

XSS Hunter on

XSS Payload List - Cross Site Scripting Vulnerability Payload List

Getting Started with Payload CMS & Vue JS - DEV Community