XSS DETECTED! Alert was called!

Advanced XSS Lab

WAF Bypass | CSP Evasion | Filter Bypass | Advanced Techniques
ADVANCED

Challenges

1 WAF Bypass - Script Tag Blocked 2 WAF Bypass - Event Handler Blocked 3 WAF Bypass - Case & Encoding 4 CSP Bypass - Nonce 5 CSP Bypass - unsafe-inline blocked 6 Mutation XSS (mXSS) 7 Blind XSS 8 Polyglot XSS
Level 1: WAF Bypass - Script Tag Blocked
A WAF is blocking the <script> tag. Find another way to trigger XSS without using script tags.
Medium
WAF Active
Blocked patterns: <script (case-insensitive)
Show Hint
Try HTML tags with event handlers like <img src=x onerror=alert()> or <svg onload=alert()>