Valid chars before img word in img tag @ontrif
justatest2 @evilcos
Characters allowed instead of forward slash in url @garethheyes
Characters allowed instead of colon in js url @garethheyes
Characters that close a HTML comment 3 @DOMXss
Characters that are spaces @garethheyes
Attribute separators @garethheyes
Characters to end script tag via JavaScript regex 002 @0x6D6172696F
Array variables @garethheyes
Window variables @garethheyes
Alternatives to in attributes @albinowax
Characters between rgb @garethheyes
Characters before rgb @garethheyes
Characters allowed after paren rule @garethheyes
Characters that trigger a new attr after new line @garethheyes
Characters eating backslash in javascript string @mhswende
Quoteless attributes breaker @garethheyes
Replacement for greater than sign @mhswende
Characters which break attributes without quotes @shafigullin
Unicode sequences generating illegitimate ASCII @0x6D6172696F
Characters allowed after ampersand in named character references @_cweb
Characters ending HTML closing tags (HTML4) @0x6D6172696F
Characters consuming backslashes and breaking JS strings @0x6D6172696F
Events in tags with src or href that execute javascript @garethheyes
Tags and events that execute javascript 2 @garethheyes
Tags that execute onerror @garethheyes
Does this browser support e4x @garethheyes
Characters to separate class names in class attributes @0x6D6172696F
Characters allowed after uri host @jackmasa
Characters that close a HTML comment 002 @0x6D6172696F
Characters that close HTML tags @0x6D6172696F
Characters allowed after script @garethheyes
Single character breaking innerHTML copy @thewildcat
Characters allowed attribute quote @jackmasa
Characters escaping JS comment delimiters 001 @0x6D6172696F
Escape from attribute a closing tag @shafigullin
Characters allowed for padding in a data URI 001 @0x6D6172696F
Characters trimmed by trim @shafigullin
Characters before paren in Javascript call @garethheyes
Characters before img @garethheyes
Characters before script @garethheyes
Characters allowed after attribute name @garethheyes
Characters that close JS Comments @garethheyes
Characters allowed before protocol in js url @garethheyes
Characters allowed before colon in js url @garethheyes
Characters allowed before CSS properties @garethheyes
Characters allowed before a JavaScript function @garethheyes
Characters allowed before attribute name @garethheyes