Would “Search Bars” be considered Self-XSS? (reply)

  • Christophe

    Administrator
    July 12, 2021 at 7:50 pm

    Search bars can be a great place for reflected XSS, since they usually also change the URL as you search. So for example, say we had this search endpoint:

    cybr.com/search/

    When we’d type something in the search bar, we might see this happening to the URL:

    cybr.com/search/?q=example search query

    If you managed to find an XSS vulnerability through the search bar, and you could copy/paste the URL containing your payload, you could send it to a victim, and if they clicked on it, they’d trigger the XSS:

    cybr.com/search/?q=<script>alert(1)</script>
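Added example, not part of Christophe's reply: a minimal search-page renderer that reflects the `q` parameter the way the reply describes, next to a hardened version that HTML-escapes it before output. The function names (`renderSearchVulnerable`, `renderSearchSafe`, `escapeHtml`, `reflectsScriptTag`) are hypothetical; the URLs are the ones quoted above.

```javascript
// Escape the five characters that matter when placing untrusted text in HTML element content.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Pull the q parameter from the request URL, decoded the way a server framework would hand it over.
function getQuery(url) {
  return new URL(url).searchParams.get("q") ?? "";
}

// Vulnerable: the raw query string is interpolated straight into the page, so any markup in ?q= is live HTML.
function renderSearchVulnerable(url) {
  const q = getQuery(url);
  return `<h1>Results for: ${q}</h1>`;
}

// Hardened: same page, but the query is escaped for the HTML text context before being inserted.
function renderSearchSafe(url) {
  const q = getQuery(url);
  return `<h1>Results for: ${escapeHtml(q)}</h1>`;
}

// Regression check for a test suite: does an input tag survive as a real tag in the rendered output?
function reflectsScriptTag(html) {
  return /<script\b/i.test(html);
}

// URLs taken from the reply above (the second one is the reflected-XSS test case).
const normal = "https://cybr.com/search/?q=example search query";
const crafted = "https://cybr.com/search/?q=<script>alert(1)</script>";

console.log(renderSearchVulnerable(crafted)); // tag reaches the browser intact
console.log(renderSearchSafe(crafted));       // rendered as inert text: &lt;script&gt;...
```

Output encoding is context-specific: `escapeHtml` is correct for element text, but a value placed inside an attribute, a URL, or a script block needs that context's encoding instead.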