References
Hacker101 - XSS Tutorial
Acunetix - Cross-site Scripting (XSS) Attack
A timing attack with CSS selectors and Javascript
Examples
[2021] - XSS on forums.oculusvr.com leads to Oculus and Facebook account takeovers
[2020] - [gitlab] - Stored XSS on PyPi simple API endpoint
[2020] - [gitlab] Stored XSS in markdown when redacting references
[2020] - Self XSS in Shopify
[2020] - Stored XSS in collabora via user name
[2020] - $25K Instagram Almost XSS Filter Link — Facebook Bug Bounty
[2020] - Stored XSS on upload files leads to steal cookie
[2020] - Reflected XSS in https://blocked.myndr.net
[2019] - Potential unprivileged Stored XSS through wp_targeted_link_rel
[2019] - The Bug That Exposed Your PayPal Password
[2019] - Reflected XSS at https://pay.gold.razer.com escalated to account takeover
[2019] - XSS in GMail’s AMP4Email via DOM Clobbering
[2019] - Stored XSS vulnerability in comments on *.wordpress.com
[2019] - Wordpress Cross-Site Scripting Vulnerability Notification II
[2019] - XSS in Shopify while logging using Google
[2019] - Stored XSS in Wiki pages
[2019] - Stored XSS on https://core.trac.wordpress.org
[2019] - Zomato - Self-Stored XSS - Chained with login/logout CSRF
[2019] - From Parameter Pollution to XSS
[2018] - Stored XSS on Snapchat
[2018] - Stored XSS, and SSRF in Google using the Dataset Publishing Language
[2018] - Blind XSS in one of the Admin Dashboard
[2018] - How I found a stored XSS on thousands of webshops
[2018] - Reflected XSS on https://www.zomato.com
[2018] - Reflected XSS on $Any$.myshopify.com/admin
[2018] - XSS on www.paypal.com/paypalme/my/landing
[2018] - hxp CTF 2018: µblog
[2017] - Cross-Site Scripting to Local File Inclusion on Trello’s App
[2017] - App Maker and Colaboratory: a stored Google XSS double-bill
[2017] - Managed Apps and Music: a tale of two XSSes in Google Play
[2017] - [dev.twitter.com] XSS
[2017] - Tinymce 2.4.0 XSS in Shopify
[2017] - Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
[2017] - Reflected XSS - gratipay.com
[2017] - Uber XSS via Cookie
[2017] - XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"
[2017] - Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities
[2016] - Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded
[2016] - Uber XSS 7000$
[2016] - AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2
[2016] - Coming across an XSS vulnerability at Google sites
[2016] - Combining host header injection and lax host parsing serving malicious data
[2016] - Abusing XSS Filter: One ^ leads to XSS(CVE-2016-3212)
[2016] - Yahoo Mail stored XSS #2
[2016] - Yahoo Mail stored XSS
[2016] - Stored XSS on developer.uber.com via admin account compromise
[2016] - Html Injection and Possible XSS in sms-be-vip.twitter.com
[2016] - Google Account Recovery XSS
[2016] - Google RPO Gadgets Lead to XSS
[2016] - Sleeping stored Google XSS Awakens a $5000 Bounty
[2015] - XSS via Host header - www.google.com/cse
[2013] - Google, Open Redirects that Matter
[2013] - How I got the Bug Bounty for Mega.co.nz XSS
[2013] - Google Account Recovery Vulnerability