Featured vector

Chrome 0.0
<!-- sample vector --> <script> alert(1)0x3e0x3e hax</script>

Fuzz vector cloud

3,386,006 Successful fuzzes

Fuzz Database


11.0
Vector Created By
Char that allows you to act as a slash in closing tag 2 @notxssninja
Characters that close a HTML comment 3 @DOMXss
Attribute separators @garethheyes
Characters separating attributes without quotes after hash @garethheyes
Characters separating attributes without quotes @garethheyes
Determine what character can be at the end of the javascript but before the colon @MisterJyu
Characters allowed as slash in url @garethheyes
Characters allowed as gt in url @garethheyes
Characters allowed as lt in url @garethheyes
Characters allowed as _ in url @garethheyes
Characters allowed as s in url @garethheyes
Characters allowed as h in http @garethheyes
Characters allowed after slash in url @garethheyes
Characters allowed after colon in url @garethheyes
Characters allowed between slashes @garethheyes
Characters to end script tag via JavaScript regex 002 @0x6D6172696F
Characters to end script tag via JavaScript regex 001 @0x6D6172696F
Characters allowed after asterix in CSS comments @garethheyes
Iframe contentWindow properties @garethheyes
Document body variables @garethheyes
Document variables @garethheyes
Function variables @garethheyes
Object variables @garethheyes
Number variables @garethheyes
String variables @garethheyes
Regexp variables @garethheyes
Array variables @garethheyes
Window variables @garethheyes
Alternatives to in attributes @albinowax
Characters between rgb @garethheyes
Characters allowed after ampersand in named character references @_cweb
Characters not encoded by encodeURIComponent @shafigullin
Characters allowed for padding in a data URI 001 @0x6D6172696F
Characters allowed after attribute name @garethheyes
Characters allowed before protocol in js url @garethheyes
Characters allowed before colon in js url @garethheyes
Characters allowed before attribute name @garethheyes