Featured vector

No vectors found in the last 30 days

1,393,934 Successful fuzzes

Fuzz Database

Vector Created By
characters between open angle bracket and tag name (fixed) @Lamp_AE
close tag construction chars @jangamingnl1
unicode tag @_Ronr_
test uno @Artys_san
valid JS statement separators firefox @insertScript
Tags with JS capable Events @Lamp_AE
Tags with Onerror @Lamp_AE
Valid HTML Attribute Seperators @Lamp_AE
After open bracket @HNThrowaway
XSS without par @ahpaleus
svg xss @ahpaleus
SVG char @ahpaleus
dunno @RobinsonLiamr
char after event @chmodxxx
After reference @marqueexss
overwrite cookies test case @insertScript
form attribute support @insertScript
script param separator @i_bo0om
Comma analog in script src data @i_bo0om
Characters that eat JavaScript regex escapes @tifkin_
XSS Without Space Test 1 @irsdl
JavaScript characters that swallow the next character @tifkin_
Characters allowed at the start of a namespace @agasfasgasdasds
Valid characters between attribute and value instead of @blubbfiction
JavaScript operators that separate objects and scopes @peksa
Characters allowed between event handlers and equal sign @peksa
HTML input image tag attributes that run JavaScript @peksa
Characters that escape JavaScript single line comments @peksa
Ignored characters in javascript protocol uris @peksa
script var separator @i_bo0om
img tag overflow @kinmenhacker
Separators @JohnathanKuskos
Characters that make a double quote valid @tifkin_
Characters allowed between JS function names and parentheses @tifkin_
allowed char in js comment @insertScript
characters which turn into a comment @insertScript
Characters before javascript uri @insertScript
SVG script @garethheyes
Characters allowed instead of colon in js url @garethheyes
Characters syntactically equivalent to double quote in HTML attributes @p_laguna
Attribute separators @garethheyes
Characters allowed as s in url @garethheyes
Quoteless attributes breaker @garethheyes
Characters allowed after attribute name @garethheyes
Characters allowed before attribute name @garethheyes