Tamper Data
Here’s a more sophisticated tutorial:
Assignment: Test your site security
Install Tamper Data in Firefox on a suitable computer. Now visit your site and find what you can tamper with. Particularly tinker with pages with forms, especially if you use hidden fields.
You can also try it out on Hack This Site (https://www.hackthissite.org/pages/index/index.php), or on your own testing sites like DVWA (http://www.dvwa.co.uk/) or Mutillidae (https://sourceforge.net/projects/mutillidae/).
Here’s how the really sophisticated bad guys do it:
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet.