Check out this interesting find by @therceman: Reflected-XSS bypass that turns into Stored-XSS when it extracts all session cookies (even HTTP-only) & works even for logged-out users, too! ? https://twitter.com/therceman/status/1669359903926894592