This short demo shows how severe the impact of Cross-Site-Scripting (XSS) on a web application can be: It makes the OWASP Juice Shop shake and dance *and* reports all interaction with the Login-form to a third party!

Implemented by Timo Pagel. Recorded at the OWASP Summit 2017