Featured vector

Firefox 0.0
<img src0x3dx onerror0x3dalert(1)>

Fuzz vector cloud

3,386,006 Successful fuzzes

Fuzz Database


0.0
Vector Created By
characters that can assign values to attributes @molenzwiebel
dunno @RobinsonLiamr
break out of img src @missoum1307
sdf2222222222222222 @nullfl0w
overwrite cookies test case @insertScript
form attribute support @insertScript
script param separator @i_bo0om
Comma analog in script src data @i_bo0om
Characters that eat JavaScript regex escapes @tifkin_
XSS Without Space Test 1 @irsdl
Single characters that break attribute names @garethheyes
Characters that expands the URL length (host no xn) @avlidienbrunn
kkkkkkkkk @D_Szameitat
wunder @palindrom
Characters that break out of css urls latest @garethheyes
Characters that end script tags @JohnathanKuskos
JavaScript characters that swallow the next character @tifkin_
test3_kinmen @kinmenhacker
String quotes in JS context @blubbfiction
before_img @han7er
o replacement in event handlers @blubbfiction
Characters that close tags @blubbfiction
Valid characters between attribute and value instead of @blubbfiction
Replacement characters for between attribute and value @blubbfiction
Characters that close a HTML comment 4 @irsdl
Characters allowed between event handlers and equal sign @peksa
HTML input image tag attributes that run JavaScript @peksa
Characters that start JavaScript double quote strings @peksa
Characters that escape JavaScript single line comments @peksa
Ignored characters in javascript protocol uris @peksa
Characters that escape html input tag @peksa
Characters that close a HTML comment 0021 @matttiko
Characters that make a double quote valid @tifkin_
Characters allowed before script tag name @tifkin_
allowed char in js comment @insertScript
Charactes that complete single quote @tifkin_
Characters that escape escapes @JohnathanKuskos
characters which turn into a comment @insertScript
Characters allowed between attributes @tifkin_
Characters not encoded with encodeURI @garethheyes
Characters after javascript uri @insertScript
characters allowd in html entities @insertScript
Characters before javascript uri @insertScript
Characters allowed inside slashes no protocol @garethheyes
Valid chars before img word in img tag @ontrif
Equals equivalent signs in attributes @WisecWisec
Characters allowed instead of colon in js url @garethheyes
Cookie fuzzing @garethheyes
Replacement for lt in tag @blubbfiction
Characters between lt and tag name @blubbfiction
Escaped characters that break out of single quote HTML attribute @peksa
Eating backslash @garethheyes
Characters that break out of script variables @garethheyes
Characters that are spaces @garethheyes
Attribute separators @garethheyes
Quoteless attributes breaker @garethheyes
Tags and events that execute javascript @garethheyes
Characters that close HTML tags @0x6D6172696F
Characters allowed after script @garethheyes
Characters breaking JavaScript Regex delimiter @0x6D6172696F
Space characters in RegExp @shafigullin
Characters before img @garethheyes
Characters allowed after attribute name @garethheyes
Characters allowed before protocol in js url @garethheyes
Characters allowed before colon in js url @garethheyes
Characters allowed before CSS properties @garethheyes
Characters that close a HTML comment @garethheyes
Characters allowed before attribute name @garethheyes