A bug bounty mistake…
Sometimes if it looks like XSS, it may not actually be XSS.
There was once a time when I had first started looking for security vulnerabilities on real targets. I had spent a few weeks learning everything I could, and I had already spent about a year learning Web Development.
In all honesty, I did not have a freaking clue what I was doing.