Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,422,406 Successful fuzzes

Fuzz Database


5.0
Vector Created By
Characters that break out of css urls latest @garethheyes
Characters that break attribute names @albinowax
Replacement for lt in tag @blubbfiction
Char that allows you to act as a slash in closing tag 2 @notxssninja
Characters that are spaces @garethheyes
Characters that are new lines @garethheyes
Attribute separators @garethheyes
Characters separating attributes without quotes after hash @garethheyes
Characters separating attributes without quotes @garethheyes
Characters allowed as _ in url @garethheyes
Characters allowed as s in url @garethheyes
Characters allowed as h in http @garethheyes
Characters allowed after colon in url (no slashes) @garethheyes
Characters allowed after slash in url @garethheyes
Characters allowed after colon in url @garethheyes
Characters allowed between slashes @garethheyes
Characters allowed after asterix in CSS comments @garethheyes
Document body variables @garethheyes
Document variables @garethheyes
Function variables @garethheyes
Object variables @garethheyes
Number variables @garethheyes
String variables @garethheyes
Regexp variables @garethheyes
Array variables @garethheyes
Window variables @garethheyes
Characters between rgb @garethheyes
Characters before rgb @garethheyes
Characters allowed after paren rule @garethheyes
Characters that trigger a new attr after new line @garethheyes
Quoteless attributes breaker @garethheyes
Characters consuming backslashes and breaking JS strings @0x6D6172696F
Events in tags with src or href that execute javascript @garethheyes
Tags and events that execute javascript 2 @garethheyes
Tags and events that execute javascript @garethheyes
Tags that execute onerror @garethheyes
Characters to separate class names in class attributes @0x6D6172696F
Characters allowed after uri host @jackmasa
Characters that close a HTML comment 002 @0x6D6172696F
Characters that close HTML tags @0x6D6172696F
Characters not encoded by encodeURIComponent @shafigullin
Characters allowed after script @garethheyes
Characters allowed attribute quote @jackmasa
Characters syntactically equivalent to colon in a URI @_cweb
Characters breaking JavaScript Regex delimiter @0x6D6172696F
Escape from attribute a closing tag @shafigullin
Characters allowed for padding in a data URI 001 @0x6D6172696F
Characters before paren in Javascript call @garethheyes
Characters before img @garethheyes
Characters allowed after attribute name @garethheyes
Characters that close JS Comments @garethheyes
Characters allowed before protocol in js url @garethheyes
Characters allowed before colon in js url @garethheyes
Characters allowed before CSS properties @garethheyes
Characters allowed before a JavaScript function @garethheyes
Characters that close a HTML comment @garethheyes
Characters allowed before attribute name @garethheyes