https://www.trustedsec.com/blog/tricks-for-weaponizing-xss/
https://portswigger.net/web-security/cross-site-scripting/dangling-markup
https://int0x33.medium.com/day-35-xss-payloads-217ab6c6ead7
https://labs.f-secure.com/blog/getting-real-with-xss/
https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html
https://medium.com/@nnez/always-escalate-from-self-xss-to-persistent-xss-on-login-portal-54265b0adfd0
https://cirius.medium.com/escalating-xss-to-account-takeover-ffde08624937
https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/?utm_content=109784370&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306
https://medium.com/@Ch3ckM4te/self-xss-to-account-takeover-72c89775cf8f
https://hackerone.com/reports/314518
https://infosecwriteups.com/chain-of-low-level-bugs-and-misconfigurations-leads-to-account-takeover-de248fc4e481
https://medium.com/@ephreet/creatively-chaining-xss-techniques-eb5503e15d2e
https://hackerone.com/reports/534450
https://hackerone.com/reports/340431
Last updated 3 years ago
