Cross-site scripting seems lame, but it can actually be very crazy.

An actual XSS on google.com by Masato Kinugawa. It abuses a parser differential between a JavaScript enabled and disabled context.
There are a lot of charlatans out there overhyping by posting misleading content. It's infuriating because a lot of the actual research is less flashy and thus more hidden. Maybe I'm a bit too pessimistic in this video, but I think it's a concrete example we can use to talk about it.