Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,422,403 Successful fuzzes

Fuzz Database


12.0
Vector Created By
Characters that eat JavaScript regex escapes @tifkin_
Characters that expands the URL length (host) @avlidienbrunn
Characters allowed at the start of a namespace @agasfasgasdasds
Characters allowed between JS function names and parentheses @tifkin_
chars allowed between js comment @insertScript
allowed char in js comment @insertScript
characters which turn into a comment @insertScript
Characters after javascript uri @insertScript
Characters before javascript uri @insertScript
Characters allowed instead of forward slash in url @garethheyes
Characters allowed instead of colon in js url @garethheyes
Tags that have the onload event @garethheyes
Replacement for s in script tag @blubbfiction
Replacement for lt in tag @blubbfiction
Characters between lt and tag name @blubbfiction
Entities allowed instead of colon for js protocol @peksa
Entities allowed after js protocol @garethheyes
Entities allowed before js protocol @garethheyes
Entities allowed before CSS rule @garethheyes
Characters syntactically equivalent to double quote in HTML attributes @p_laguna
Eating backslash @garethheyes
Characters that break out of script variables @garethheyes
Characters that are spaces @garethheyes
Characters that are new lines @garethheyes
Attribute separators @garethheyes
Characters separating attributes without quotes after hash @garethheyes
Characters separating attributes without quotes @garethheyes
Characters allowed as _ in url @garethheyes
Characters allowed as s in url @garethheyes
Characters allowed as h in http @garethheyes
Characters allowed after slash in url @garethheyes
Characters allowed after colon in url @garethheyes
Characters allowed between slashes @garethheyes
Characters allowed after asterix in CSS comments @garethheyes
Iframe contentDocument properties @garethheyes
Iframe contentWindow properties @garethheyes
Document body variables @garethheyes
Document variables @garethheyes
Function variables @garethheyes
Object variables @garethheyes
Number variables @garethheyes
String variables @garethheyes
Regexp variables @garethheyes
Array variables @garethheyes
Window variables @garethheyes
Characters between rgb @garethheyes
Characters before rgb @garethheyes
Characters allowed after paren rule @garethheyes
Characters that trigger a new attr after new line @garethheyes
Quoteless attributes breaker @garethheyes
Characters consuming backslashes and breaking JS strings @0x6D6172696F
Events in tags with src or href that execute javascript @garethheyes
Tags and events that execute javascript 2 @garethheyes
Characters that close HTML tags @0x6D6172696F
Characters allowed after script @garethheyes
Characters allowed attribute quote @jackmasa
Characters syntactically equivalent to single quote in HTML attributes @_cweb
Characters syntactically equivalent to colon in a URI @_cweb
Characters in script inside XML elements 004 @0x6D6172696F
Characters in script inside XML elements 003 @0x6D6172696F
Characters in script inside XML elements 001 @0x6D6172696F
Space characters in RegExp @shafigullin
Characters allowed for padding in a data URI 003 @0x6D6172696F
Characters allowed for padding in a data URI 002 @0x6D6172696F
Characters allowed for padding in a data URI 001 @0x6D6172696F
Characters before paren in Javascript call @garethheyes
Characters before img @garethheyes
Characters before script @garethheyes
Characters allowed after attribute name @garethheyes
Characters that close JS Comments @garethheyes
Characters allowed before protocol in js url @garethheyes
Characters allowed before colon in js url @garethheyes
Characters allowed before attribute name @garethheyes