Level 1: Hello, world of XSS
This level demonstrates a common cause of cross-site scripting where user
input is directly included in the page without proper escaping.
Interact with the vulnerable application window below and find
actions inside the vulnerable window or directly edit its URL bar.
the frame below.
Once you show the alert you will be able to advance to the next level.
Target code (toggle)
Hints 0/3 (show)
To see the source of the application you can right-click on the
frame and choose View Frame Source from the context menu or use your
browser's developer tools to inspect network traffic.
What happens when you enter a presentational tag such as <h1>?
Alright, one last hint: <script> ... alert ...