## https://sploitus.com/exploit?id=075436A9-B933-5468-B0D9-F9AC8F92DEEC
# Reflected XSS Demo
Small intentionally vulnerable local target for AERIS/weapon-master testing.
The `/search?q=` route reflects user input without escaping.
Run:
```bash
node server.js
```
Default target:
```text
http://localhost:3000/search?q=%3Cscript%3Ealert(1)%3C/script%3E
```