XSS Lab

Greeting

Hey !

Vulnerability

This lab contains a reflected XSS vulnerability. Try to find it by inspecting the page source and understanding how the `name` parameter is used.

Spoiler

This lab contains two XSS vulnerabilities:

  • A reflected XSS in the "name" parameter, which is placed directly into the HTML. The value is also stored in a cookie and reflected from there if no name is provided.
  • A reflected XSS in the "company" parameter, which is injected into a JavaScript variable.

Example Payloads:

?name=<script>alert('XSS1')</script>
?company=';alert('XSS2');'
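
Added example (not the lab's own source): a sketch of the two sinks described above, written as raw concatenation and then with context-specific output encoding, run against the two payloads listed on this page. The function names, the `company` variable name and the `<h2>` markup are assumptions.

```javascript
// Added example: hypothetical server-side rendering for the lab's two sinks.
// Function names, the variable name and the markup are assumptions.

// HTML body context: encode the five characters that can change markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// JavaScript string context inside an inline <script>: JSON.stringify quotes
// and escapes the value; <, >, & and U+2028/U+2029 are then \u-escaped so the
// value cannot close the script element or break out of the literal.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Vulnerable form, as the spoiler describes it: raw concatenation.
function renderVulnerable(name, company) {
  return "<h2>Hey " + name + "!</h2>\n" +
         "<script>var company = '" + company + "';</script>";
}

// Hardened form: each value is encoded for the context it lands in.
function renderHardened(name, company) {
  return "<h2>Hey " + escapeHtml(name) + "!</h2>\n" +
         "<script>var company = " + jsStringLiteral(company) + ";</script>";
}

// The two example payloads from this page, used as test input.
const samples = {
  name: "<script>alert('XSS1')</script>",
  company: "';alert('XSS2');'",
};

console.log(renderVulnerable(samples.name, samples.company));
console.log(renderHardened(samples.name, samples.company));
```

The name value read back from the cookie lands in the same HTML sink, so it needs the same `escapeHtml` treatment as the query parameter.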