Reflected XSS. Steps :First open the website in any browser like chrome or Firefox.Navigate to the search bar where we search subdomain and inject the payload.Payload I:-"<img src=x onerror=alert("xss")>".In similar way users cookies can also be stolen using this payload Payload II:-"<img src=x onerror=alert(document.cookie)>"
282