Source code

Different xss payload

Injection

DIfferent page number

Different request method (get/post)

Github search

Privilege bypass