1. Test other website and input the code
or alert(‘x’); on search box.
2. The result was show a heading title, but I’m not sure, then
3. Check the selection source to make sure it’s not a bold
4. Check if the query was processed by server without filtering
THIS SITE WAS HACKED
Beef XSS Query: Vulnerable XSS