XSS Payload Injector
Abstract
Cross-Site Scripting (XSS) remains one of the most pervasive and damaging vulnerabilities in web applications, consistently ranking in the OWASP Top 10 security risks. Existing automated scanners often suffer from high false-positive rates, limited payload diversity, and a lack of context-aware detection, significantly reducing their effectiveness in real-world penetration testing engagements. This paper presents the design and implementation of glacier Scan — an Intelligent XSS Payload Detection and Recommendation Tool built using a modern full-stack architecture comprising Python FastAPI, React 18 with TypeScript, SQLite via SQLAlchemy ORM, and JWT-based multi-user authentication. The system integrates a multithreaded web crawler, a dynamic payload generation and mutation engine, an automated injection framework, a context-aware analyzer, and a ranked payload recommendation engine into a unified command-line and web-based application. The tool demonstrates strong detection rates against known-vulnerable web applications, including DVWA, OWASP WebGoat, and testphp.vulnweb.com, and all 18 test cases pass successfully. Results confirm that context-aware payload recommendation significantly improves the actionability of scan findings compared to generic payload lists.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.