Secure Legion Labs
OWASP Top 10
Train across the full XSS chain with reflected, stored, and DOM-based rooms that teach source-to-sink thinking instead of isolated payload memorization.
Trace attacker input from the URL into a vulnerable reflection point and trigger execution through weak filtering.
Persist hostile input, reload the feed, and observe how a trusted render path turns into stored execution.
Work through a client-side source and sink chain where weak sanitization still lets the browser execute the input.