Hands-On Bug Hunting for Penetration Testers

Questions

  1. What are the different principal types of XSS?
  2. Which XSS varieties are most dangerous/impactful?
  3. What's the value of XSS Validator as an extension?
  4. What does the PhantomJS server do?
  5. How do you select payloads for fuzzing in Burp Intruder?
  6. What are the most important things to include about XSS in your submission report?
  7. What's a worst-case attack scenario for a hacker who's found an XSS bug to exploit?
  8. Why is including an attack scenario in your report submission important?