XSS Context

By Jess, published in Techiepedia, Nov 7, 2023

XSS vulnerabilities are a common “first bug” for people getting into cybersecurity. They are also a mainstay that professionals continue to report well into their careers.

Finding XSS

One thing that sets an experienced pentester apart when looking for XSS is an understanding of DOM context. Different HTML tags do different things depending on where they are rendered.
So when you are copying and pasting XSS payloads around a site, take a moment to see where and how they are rendered in the DOM so that you can find a valid XSS to report.
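
To make the point about rendering context concrete, this added example (not part of the original article) scans a response for a harmless marker string and reports the context each reflection lands in, together with the output handling a developer must apply there. The marker, the sample page, and the names `reflectionContexts` and `REQUIRED_ENCODING` are assumptions made for the illustration.

```javascript
// Added example, not the article's code. Simplified scanner (not a full HTML5
// tokenizer); the marker and SAMPLE_PAGE are constructed test input.
const SAMPLE_PAGE = `<h1>Results for zq7marker</h1>
<input name="q" value="zq7marker">
<input name=q value=zq7marker>
<script>var q = "zq7marker";</script>
<!-- query: zq7marker -->`;
// Output handling each context needs before untrusted data may appear there.
const REQUIRED_ENCODING = {
  'html-text': 'entity-encode & and <',
  'attr-quoted': 'entity-encode & and the enclosing quote',
  'attr-unquoted': 'quote the attribute, then entity-encode',
  'tag': 'never reflect input into tag or attribute names',
  'script': 'JavaScript string escaping; entity encoding alone does not apply',
  'comment': 'do not reflect input into comments',
};
const TAG_OPEN = /<(\/?[a-z][a-z0-9]*)/iy; // sticky: matches only at lastIndex
// Returns the context of every occurrence of marker, in document order.
function reflectionContexts(html, marker) {
  const found = [];
  let state = 'html-text', quote = '', tag = '';
  const afterTag = () => (tag === 'script' ? 'script' : 'html-text');
  for (let i = 0; i < html.length; i++) {
    const ch = html[i];
    if (html.startsWith(marker, i)) {
      found.push(state); i += marker.length - 1;
    } else if (state === 'html-text' && ch === '<') {
      TAG_OPEN.lastIndex = i;
      const m = TAG_OPEN.exec(html);
      if (html.startsWith('<!--', i)) { state = 'comment'; i += 3; }
      else if (m) { state = 'tag'; tag = m[1].toLowerCase(); i += m[0].length - 1; }
    } else if (state === 'comment' && html.startsWith('-->', i)) {
      state = 'html-text'; i += 2;
    } else if (state === 'script' && html.slice(i, i + 8).toLowerCase() === '</script') {
      state = 'tag'; tag = '/script'; i += 7;
    } else if (state === 'tag' && ch === '>') {
      state = afterTag();
    } else if (state === 'tag' && ch === '=') {
      quote = html[i + 1];
      if (quote === '"' || quote === "'") { state = 'attr-quoted'; i++; }
      else state = 'attr-unquoted';
    } else if (state === 'attr-quoted' && ch === quote) {
      state = 'tag';
    } else if (state === 'attr-unquoted' && (ch === '>' || /\s/.test(ch))) {
      state = ch === '>' ? afterTag() : 'tag';
    }
  }
  return found;
}
for (const c of reflectionContexts(SAMPLE_PAGE, 'zq7marker')) console.log(c, '->', REQUIRED_ENCODING[c]);
```

The same input string lands in five different contexts on one page, which is why a single blanket encoding on the server side is not enough.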
