Using OWASP Mutillidae II, let's determine whether the application protects against reflected cross-site scripting (XSS).