[Pentester Academy] Web Application Security Challenge 20 This is one of the simplest XSS challenge. Insert <iframe src="" onmouseover="alert(document.cookie)"> in the search field.