https://github.com/0xInfection/Awesome-WAF

https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet

https://d3adend.org/xss/ghettoBypass

https://github.com/pgaijin66/XSS-Payloads/blob/master/payload.txt

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

https://www.bugbountyhunter.com/hackevents/report?id=219

https://www.bugbountyhunter.com/hackevents/report?id=78

https://xsshunter.com

https://www.w3schools.com/jsref/dom_obj_event.asp

https://zseano.medium.com/finding-xss-on-apple-com-and-building-a-proof-of-concept-to-leak-your-pii-information-d7bc93cff2df

https://portswigger.net/research/xss-in-hidden-input-fields

https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md

https://ysamm.com/?p=695

https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=92e0b24d-4db6-41ab-827f-7940bc126bb8&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments

https://whitton.io/articles/uber-turning-self-xss-into-good-xss/

https://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2/

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection#polyglot-xss

https://github.com/s0md3v/MyPapers/tree/master/Bypassing-XSS-detection-mechanisms

https://github.com/mazen160/xless

https://github.com/daxAKAhackerman/XSS-Catcher

https://github.com/hahwul/dalfox

https://thehackerblog.com/xss-hunter-is-now-open-source-heres-how-to-set-it-up/index.html

https://github.com/dwisiswant0/findom-xss

https://academind.com/tutorials/localstorage-vs-cookies-xss

https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0

https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html

https://brutelogic.com.br/blog/quoteless-javascript-injections/

https://blog.dixitaditya.com/xss-to-read-internal-files

https://brutelogic.com.br/blog/dom-based-xss-the-3-sinks/

https://brutelogic.com.br/blog/xss101/