Exploit a reflected Cross-Site Scripting vulnerability where inputs from search query parameters are reflected back onto the page unescaped. Run script payloads to abuse the client scope.
Identify unescaped query reflection inputs in the target application
Construct and inject an executable reflected JavaScript script payload
Leak administrative variables and bypass DOM sandboxes for CTF flag capture