With regards to XSS injections on webpages, if a certain alert script is run in a URL or search box and the website reloads as normal, does that mean that there is a filter on the site, or is the site not vulnerable? All answers are appreciated. Thanks!
The XSS you talking about is probably in get method because run in url I don’t know why just works only in first time I know that some browsers have a option to not show alert messages when repeats, but you can try use some html element to test, try inject some elements and check if it always is showed.