### XSS via Form Action JavaScript Protocol (Alternative) Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/xss-attack-vector-input.txt Similar to a previous form action example, this payload uses a `javascript:` URI in the `action` attribute, but with different HTML entity encoding for the colon and question mark. ```html
``` -------------------------------- ### XSS Payload: Keygen tag Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/encoded-twice.txt Demonstrates an XSS payload using the '' tag with an 'onfocus' event handler to execute JavaScript when the element receives focus. ```HTML ``` -------------------------------- ### XSS via Keygen Onfocus Event Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/xss-attack-vector-input.txt This payload utilizes the `onfocus` event handler of a `` HTML element. When the element receives focus (e.g., by tabbing to it), the `prompt(1)` function is executed. ```html ``` -------------------------------- ### XSS via Style Onload Event with JavaScript Protocol Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/xss-attack-vector-input.txt This payload uses a ` ``` -------------------------------- ### XSS via MathML A xlink:href Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/xss-attack-vector-input.txt This payload leverages MathML's `` tag with an `xlink:href` attribute set to a `javascript:` URI. This can execute JavaScript when the link is activated within a MathML context. ```svg X ``` -------------------------------- ### XSS Payload: SVG with VBScript Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/encoded-twice.txt Demonstrates an XSS payload using an SVG element with 'contentScriptType=text/vbs' to execute VBScript, specifically using 'Execute' to run a message box. ```HTML ``` -------------------------------- ### XSS via Obfuscated Iframe Tag Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/xss-attack-vector-input.txt This payload demonstrates an attempt to bypass filters by obfuscating the `f>r>a>m>e> ``` -------------------------------- ### HTML XSS: Object with Scriptlet Data Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/encoded-once.txt Uses an object tag with type 'text/x-scriptlet' and data containing encoded JavaScript to execute a setInterval function. ```html ``` -------------------------------- ### HTML XSS: Iframe with Encoded JavaScript URI and Unicode Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/encoded-once.txt Executes JavaScript via an iframe's src attribute using a javascript: URI with mixed encoding, including Unicode escapes. ```html