Follow-up implementation for #5838.

Proposed Changes

  • Add new fuzz analyzer xss_context that:
    • applies nuclei fuzz payload transformations (e.g. [RANDNUM]) before sending
    • replays the rebuilt request via the provided HttpClient
    • detects whether the final payload is reflected in the response body
    • returns a rough reflection context hint (html_comment, script, html_attribute, html)
  • Wire the analyzer into the HTTP fuzz pipeline so it can be used in HTTP-based fuzzing flows.

Proof

go test ./pkg/fuzz/... -count=1
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz 0.300s
? github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers [no test files]
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers/time 1.079s
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers/xss 0.121s
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component 0.529s
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/dataformat 0.499s
? github.com/projectdiscovery/nuclei/v3/pkg/fuzz/frequency [no test files]
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/stats 0.475s

Checklist

  • PR created against the correct branch (dev)
  • Tests added
  • Proof included

/claim #5838

Summary by CodeRabbit

Release Notes

  • New Features
    • Introduced XSS (Cross-Site Scripting) vulnerability analyzer for fuzzing workflows
    • Detects reflected payloads with context-aware classification (scripts, attributes, comments, HTML content)
    • Integrates with HTTP protocol analysis
  • Tests
    • Added comprehensive test coverage for XSS detection and context classification scenarios
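
An added illustration of the reflection check and rough context hint described in this PR; it is not the PR's or nuclei's code. The function names, the fixed value 7331, the canary string and the response bodies are constructed assumptions, and the heuristics only look at the text before each reflection.

```go
package main

import (
	"fmt"
	"strings"
)

// expandPayload is a hypothetical stand-in: it only substitutes [RANDNUM].
func expandPayload(template, randNum string) string {
	return strings.ReplaceAll(template, "[RANDNUM]", randNum)
}

// contextAt guesses the context from the (lowercased) text before a reflection.
func contextAt(before string) string {
	switch {
	case strings.LastIndex(before, "<!--") > strings.LastIndex(before, "-->"):
		return "html_comment"
	case strings.LastIndex(before, "<script") > strings.LastIndex(before, "</script"):
		return "script"
	case strings.LastIndex(before, "<") > strings.LastIndex(before, ">"):
		return "html_attribute" // still inside an unclosed tag
	}
	return "html"
}

// reflectionContexts returns one hint per verbatim occurrence of payload in body.
func reflectionContexts(body, payload string) []string {
	var hints []string
	for off := 0; payload != ""; {
		i := strings.Index(body[off:], payload)
		if i < 0 {
			break
		}
		hints = append(hints, contextAt(strings.ToLower(body[:off+i])))
		off += i + len(payload)
	}
	return hints
}

func main() {
	p := expandPayload(`nuclei[RANDNUM]"'<`, "7331") // constructed canary
	for _, body := range []string{ // constructed response bodies
		`<p>Results for ` + p + `</p><input value="` + p + `">`,
		`<script>var q = "` + p + `";</script><!-- q=` + p + ` -->`,
		`<p>Results for nuclei7331&#34;&#39;&lt;</p>`, // HTML-encoded: no reflection
	} {
		fmt.Println(reflectionContexts(body, p))
	}
}
```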

Claim

Total prize pool $200
Total paid $0
Status Pending
Submitted February 21, 2026
Last updated February 21, 2026

Contributors

dahu8194-gmail-com

@dahu8194-gmail-com

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$200