This lab for Web Application Security involved finding an exploit on Exploit DB, replicating it, and for extra credit, Dockerizing it. This provides a good demonstration of a real-world example of reflected and stored XSS.
Link to exploit: https://www.exploit-db.com/exploits/47386
Install instructions (after docker-compose up): https://manual.limesurvey.org/Installation_-_LimeSurvey_CE
Some of the instructions may vary depending on set-up and use.