## Apprentice Level - ✅ [[1. Reflected XSS into HTML context with nothing encoded]] - ✅ [[2. Stored XSS into HTML context with nothing encoded]] - ✅ [[3. DOM XSS in document.write sink using source location.search]] - ✅ [[4. DOM XSS in innerHTML sink using source location.search]] - ✅ [[5. DOM XSS in jQuery anchor href attribute sink using location.search source]] - ✅ [[6. DOM XSS in jQuery selector sink using a hashchange event]] - ✅ [[7. Reflected XSS into attribute with angle brackets HTML-encoded]] - ✅ [[8. Stored XSS into anchor href attribute with double quotes HTML-encoded]] - ✅ [[9. Reflected XSS into a JavaScript string with angle brackets HTML encoded]] ## Practitioner Level - ✅ [[10. DOM XSS in document.write sink using source location.search inside a select element]] - ✅ [[11. DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded]] - ✅ [[12. Reflected DOM XSS]] - ✅ [[13. Stored DOM XSS]] - ✅ [[14. Reflected XSS into HTML context with most tags and attributes blocked]] - ✅ [[15. Reflected XSS into HTML context with all tags blocked except custom ones]] - ✅ [[16. Reflected XSS with some SVG markup allowed]] - ✅ [[17. Reflected XSS in canonical link tag]] - ✅ [[18. Reflected XSS into a JavaScript string with single quote and backslash escaped]] - ✅ [[19. Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped]] - ✅ [[20. Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped]] - ✅ [[21. Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped]] - ✅ [[22. Exploiting cross-site scripting to steal cookies]] - ✅ [[23. Exploiting cross-site scripting to capture passwords]] - ✅ [[24. Exploiting XSS to bypass CSRF defenses]] - ✅ [[29. Reflected XSS protected by very strict CSP, with dangling markup attack]] ## Expert Level - ✅ [[25. Reflected XSS with AngularJS sandbox escape without strings]] - ✅ [[26. Reflected XSS with AngularJS sandbox escape and CSP]] - ✅ [[27. Reflected XSS with event handlers and href attributes blocked]] - ✅ [[28. Reflected XSS in a JavaScript URL with some characters blocked]] - ✅ [[30. Reflected XSS protected by CSP, with CSP bypass]]