I am subscribed to the Intigriti newsletter and I was about to unsubscribe but then I saw that they included this section:
Hacking Time: Can you spot the XSS vulnerability? XSS might be easy to find, or not... Can you spot the cross-site scripting (XSS) vulnerability in this code snippet? The exploitation method showcased in this example is commonly overlooked by most bug bounty hunters, as they're not aware of the possibility to pass your malicious XSS payload in this different format!
2.5k sats for the first correct answer!
filter parameter (e.g., via a URL query string like ?filter=<script>alert('XSS')</script>), it would be executed in the browser because the input is not sanitized or escaped.
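To make the point in the answer above concrete, here is an added example (not code from the newsletter, from Intigriti, or from the original post) showing a reflected `filter` parameter rendered two ways: concatenated raw into markup, and HTML-escaped first. The parameter name comes from the answer; the function names and the sample query string are my own.

```javascript
// Added example, not part of the original post or the newsletter snippet.
// Demonstrates why an unescaped query parameter reflected into HTML lets the
// browser execute it, and what the escaped output looks like instead.

// Escape the characters that let text break out of an HTML text node or a
// double-quoted attribute value. Ampersand goes first so later replacements
// are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Pull the `filter` parameter out of a query string such as "?filter=abc".
// URLSearchParams strips the leading "?" and percent-decodes the value.
function getFilterParam(queryString) {
  return new URLSearchParams(queryString).get("filter") ?? "";
}

// Vulnerable form: the raw parameter is concatenated straight into markup,
// so any tags it contains become part of the page.
function renderFilterUnsafe(queryString) {
  return `<p>Showing results for: ${getFilterParam(queryString)}</p>`;
}

// Hardened form: the same value is HTML-escaped before it reaches the markup,
// so the browser shows the payload as literal text instead of parsing it.
function renderFilterSafe(queryString) {
  return `<p>Showing results for: ${escapeHtml(getFilterParam(queryString))}</p>`;
}

// Constructed sample input reusing the payload quoted in the answer above.
const sampleQuery = "?filter=<script>alert('XSS')</script>";

// Stand-alone usage: print both renderings side by side.
if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:", renderFilterUnsafe(sampleQuery));
  console.log("safe:  ", renderFilterSafe(sampleQuery));
}
```

The escaper above is only correct for the HTML text and quoted-attribute contexts; a value inserted into a JavaScript string, a URL, or CSS needs that context's own encoder, and a template engine with auto-escaping enabled is the usual way to avoid getting this wrong by hand.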