| XSS | Reflected, Stored, DOM-based, framework-specific (React, Vue, Angular) |
| CSRF | Token bypass, SameSite cookie bypass, cross-origin requests |
| CORS | Misconfigured origins, null origin, wildcard credentials |
| Clickjacking | Frame-based, drag-and-drop, multi-step |
| DOM-based | DOM sinks, source/sink analysis, JavaScript URL schemes |
| Prototype Pollution | Client-side gadgets, server-side pollution, property injection |