Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Step 1: Create a file named evil.html
<html>
<script type="text/javascript">alert(document.domain)</script>
</html>
Paste the code above into evil.html.
Step 2: Log in as admin
Step 3: Go to Assets
Step 4: Upload the created file
Step 5: Copy the asset link and paste it into a new tab.
Step 6: XSS triggered
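
The steps above work because the uploaded file is served back from the application's own origin as renderable HTML. One serving-side mitigation, as an added example that is not the application's own code (the function name `assetResponseHeaders`, the allowlist and the sample bytes are assumptions constructed for illustration):

```javascript
// Added example: decide response headers for a user-uploaded asset.
// Hypothetical names; the allowlist below is an assumption, tune it per application.
// SVG and HTML are deliberately absent because both can carry script.
const INLINE_SAFE = {
  png:  { mime: "image/png",  magic: [0x89, 0x50, 0x4e, 0x47] },
  jpg:  { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] },
  jpeg: { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] },
  gif:  { mime: "image/gif",  magic: [0x47, 0x49, 0x46, 0x38] },
};

function assetResponseHeaders(filename, bytes) {
  const ext = filename.includes(".") ? filename.split(".").pop().toLowerCase() : "";
  const known = Object.prototype.hasOwnProperty.call(INLINE_SAFE, ext)
    ? INLINE_SAFE[ext] : null;
  // The extension alone is attacker-controlled, so the leading bytes must agree with it.
  const magicOk = known !== null && known.magic.every((b, i) => bytes[i] === b);
  const headers = {
    // Stop the browser from sniffing the body and upgrading it to text/html.
    "X-Content-Type-Options": "nosniff",
    // If the response is ever rendered as a document, it gets an opaque origin and no scripts.
    "Content-Security-Policy": "sandbox",
  };
  if (magicOk) {
    headers["Content-Type"] = known.mime;
    headers["Content-Disposition"] = "inline";
  } else {
    // Everything else is downloaded, never rendered in the application's origin.
    headers["Content-Type"] = "application/octet-stream";
    headers["Content-Disposition"] = "attachment";
  }
  return headers;
}

// Constructed sample inputs: the page's evil.html body and a bare PNG signature.
const SAMPLE_HTML = new TextEncoder().encode(
  '<html><script type="text/javascript">alert(document.domain)</script></html>');
const SAMPLE_PNG = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

console.log(assetResponseHeaders("evil.html", SAMPLE_HTML)); // attachment, octet-stream
console.log(assetResponseHeaders("evil.png", SAMPLE_HTML));  // renamed HTML: still attachment
console.log(assetResponseHeaders("logo.png", SAMPLE_PNG));   // inline, image/png
```

Serving uploads from a separate domain that holds no session cookies limits the impact further if a file type slips through the allowlist.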