Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

Lab: Reflected XSS into HTML context with nothing encoded


This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.

To solve the lab, perform a cross-site scripting attack that calls the alert function.


  1. Copy and paste the following into the search box:

  2. Click "Search".

Community solutions

Michael Sommer