Vulnerable Cross-Site Scripting (XSS) Demo
This version allows users to submit comments that are rendered without any sanitization or escaping. As a result, an attacker can inject malicious HTML or JavaScript, which will execute in other users' browsers.
You can test this by submitting a comment with script tags or HTML elements and then viewing it on the comment page or admin panel.
Submit Comments (Vulnerable)
Write and submit comments with no filtering — scripts will execute!
Admin Panel (Vulnerable)
View all comments rendered as raw HTML, making this page vulnerable to XSS attacks.
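The raw rendering described above, next to an escaped version, as an added example that is not the demo's own code. The function names, the comment object shape and the sample comments are assumptions made for illustration.

```javascript
// Added example: hypothetical comment rendering, not the demo's own code.

// Constructed sample comments, as they might be stored after submission.
const sampleComments = [
  { author: "alice", text: "Nice post!" },
  { author: "bob", text: "<b>bold</b> & <script>alert(1)</script>" },
];

// Vulnerable form: stored text is concatenated into the markup as-is,
// so any tags in a comment become part of the page that other users load.
function renderCommentVulnerable(comment) {
  return `<li><strong>${comment.author}</strong>: ${comment.text}</li>`;
}

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: every user-controlled field is escaped at output time,
// so the browser displays the markup as text instead of parsing it.
function renderCommentEscaped(comment) {
  return `<li><strong>${escapeHtml(comment.author)}</strong>: ${escapeHtml(comment.text)}</li>`;
}

// Renders a whole comment list with the chosen per-comment renderer.
function renderPage(comments, renderOne) {
  return `<ul>\n${comments.map(renderOne).join("\n")}\n</ul>`;
}

// Simple check usable in a regression test: did a script tag survive rendering?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderPage(sampleComments, renderCommentVulnerable));
console.log(renderPage(sampleComments, renderCommentEscaped));
```

This escaping covers HTML text and quoted attribute values only; values placed inside script blocks, URLs or style attributes need encoding specific to those contexts.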