Portswigger DOM XSS in `document.write` sink using source `location.search` inside a select element
Blind XXE with out-of-band interaction via XML parameter entities
Exploiting XXE to perform SSRF attacks
Reflected XSS into attribute with angle brackets HTML-encoded
Reflected XSS with some SVG markup allowed
Basic SSRF against another back-end system
Stored XSS into anchor 'href' attribute with double quotes HTML-encoded
Web shell upload via extension blacklist bypass