How do I XSS?
First, you need to find an input that allows HTML characters - I chose scratchsig tag. Next, you need to make script to execute. alert(document.domain) is commonly used.
There are 3 types of XSS: Stored XSS stores crafted content, Reflected XSS uses crafted payload from URL, and DOM XSS is a XSS that happens in the browser, instead of the server.
There are two ways of doing this. script tag is useful for Stored and Reflected XSS:
You can also use onerror, which is used for Reflected and DOM XSS:
<img src onerror="alert(document.domain)">