Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

1,393,934 Successful fuzzes

Fuzz Database


0.0
Vector Created By
characters between open angle bracket and tag name (fixed) @Lamp_AE
TagName space @VlbLeeuwarde
close tag construction chars @jangamingnl1
unicode tag @_Ronr_
test uno @Artys_san
chars allowed between a html entity @S1r1u5_
valid JS statement separators chrome @insertScript
testfgdfgdf @script92538206
Tags with JS capable Events @Lamp_AE
Tags with Onerror @Lamp_AE
Characters that can go on either side of in attribute @Lamp_AE
Valid HTML Attribute Seperators @Lamp_AE
Just testing man @s0md3v
testxx @chmodxxx
characters that can assign values to attributes @molenzwiebel
style2 @Khangarood
ignored chars in html encoding and attributes2 @irsdl
After open bracket @HNThrowaway
html elements that end scripts @Nomicon3
Characters that close strings in chrome 2 @Nomicon3
XSS without par @ahpaleus
dunno @RobinsonLiamr
break out of img src @missoum1307
char after event @chmodxxx
After reference @marqueexss
Equal @synackozgur
sdf2222222222222222 @nullfl0w
doc property hijack with iframe v3 @insertScript
overwrite cookies test case @insertScript
form attribute support @insertScript
script param separator @i_bo0om
Comma analog in script src data @i_bo0om
slash bla htest @insertScript
Characters that eat JavaScript regex escapes @tifkin_
XSS Without Space Test 1 @irsdl
Single characters that break attribute names @garethheyes
Characters that expands the URL length (host no xn) @avlidienbrunn
kkkkkkkkk @D_Szameitat
wunder @palindrom
Characters that end script tags @JohnathanKuskos
JavaScript characters that swallow the next character @tifkin_
Characters allowed at the start of a namespace @agasfasgasdasds
test3_kinmen @kinmenhacker
String quotes in JS context @blubbfiction
before_img @han7er
o replacement in event handlers @blubbfiction
Characters that close tags @blubbfiction
Valid characters between attribute and value instead of @blubbfiction
Replacement characters for between attribute and value @blubbfiction
Characters that close a HTML comment 4 @irsdl
Characters that separate JavaScript object key and value @peksa
JavaScript operators that separate objects and scopes @peksa
JavaScript operators that evaluate argument in variable assignment @peksa
Characters allowed between event handlers and equal sign @peksa
HTML input image tag attributes that run JavaScript @peksa
Characters that start JavaScript double quote strings @peksa
Characters that escape JavaScript single line comments @peksa
Ignored characters in javascript protocol uris @peksa
Characters that escape html input tag @peksa
replacement @matttiko
Characters that close a HTML comment 0021 @matttiko
script var separator @i_bo0om
svg animate onbegin @JohnathanKuskos
Characters that separate JavaScript assignment statements @Giutro
Characters that allow a new statement to begin2 @tifkin_
Characters that allow a new statement to begin @tifkin_
Characters that can be used to terminate entities in an href @tifkin_
Characters that can be used close tags2 @tifkin_
fssadf dfads fdasf @phpdevops
Connect back @kinmenhacker
Separators @JohnathanKuskos
characters that behave like equal signs in attribute value @JohnathanKuskos
im fish @Mramydnei
Characters allowed after domain @avlidienbrunn
Characters allowed before http @avlidienbrunn
Characters allowed before script tag name @tifkin_
chars allowed between js comment @insertScript
allowed char in js comment @insertScript
Charactes that complete single quote @tifkin_
Characters that escape escapes @JohnathanKuskos
characters which turn into a comment @insertScript
Characters that break attribute names @albinowax
Characters allowed between attributes @tifkin_
Characters not encoded with encodeURIComponent @garethheyes
Characters after javascript uri @insertScript
Characters before javascript uri @insertScript
SVG script @garethheyes
Entities allowed with no semi colon @garethheyes
Characters allowed inside slashes no protocol @garethheyes
Characters allowed instead of slash 2 @garethheyes
Characters allowed after slash @garethheyes
Valid chars before img word in img tag @ontrif
Equals equivalent signs in attributes @WisecWisec
Characters allowed inside jsurl @avlidienbrunn
justatest2 @evilcos
Characters allowed instead of forward slash in url @garethheyes
Tags that have the onload event @garethheyes
Replacement for s in script tag @blubbfiction
Replacement for lt in tag @blubbfiction
Characters between lt and tag name @blubbfiction
aaaaa @goroasd
Entities allowed after js protocol @garethheyes
Entities allowed before js protocol @garethheyes
Break out of HTML element from single quoted attribute @peksa
Characters syntactically equivalent to double quote in HTML attributes @p_laguna
Eating backslash @garethheyes
Characters that close a HTML comment 3 @DOMXss
Attribute separators @garethheyes
Characters separating attributes without quotes after hash @garethheyes
Characters separating attributes without quotes @garethheyes
Characters allowed as s in url @garethheyes
Characters allowed after colon in url @garethheyes
Characters allowed after asterix in CSS comments @garethheyes
String variables @garethheyes
Array variables @garethheyes
Window variables @garethheyes
Alternatives to in attributes @albinowax
Characters allowed after paren rule @garethheyes
Characters eating backslash in javascript string @mhswende
Quoteless attributes breaker @garethheyes
Characters that close a quote @0xAli
Uncode sequences generating illegitimate ASCII @0x6D6172696F
Tags and events that execute javascript 2 @garethheyes
Tags that execute onerror @garethheyes
Characters allowed after uri host @jackmasa
Characters that close a HTML comment 002 @0x6D6172696F
Characters allowed after script @garethheyes
Escape from attribute a closing tag @shafigullin
Characters in script inside XML elements 004 @0x6D6172696F
Characters in script inside XML elements 003 @0x6D6172696F
Characters in script inside XML elements 001 @0x6D6172696F
Characters allowed for padding in a data URI 003 @0x6D6172696F
Characters before script @garethheyes
Characters allowed after attribute name @garethheyes
Characters allowed before protocol in js url @garethheyes
Characters allowed before colon in js url @garethheyes
Characters that close a HTML comment @garethheyes
Characters allowed before attribute name @garethheyes