I was doing Filtered XSS section in Cross Site Scripting (XSS) module. Although I got the flag by using the same payload as I used in previous section: Stored XSS of the module, I was receiving the alert even when I refresh the page. I find it odd because the section explains that it is just temporary and non-persistent XSS does not execute after page being refresh. What am I doing wrong in comparision to the concept that is being taught here?
1 Like
no, if its reflected it won’t trigger on refresh
in case it is, it is either a stored or a DOM XSS