All VectorsVector nameUser Created Type Likes 25 25 25Characters allowed after throw statementhackvertor7/14/2025JS0 82encodeURI() not encoded with %forglockenspielexact7/11/2025JS1 65.4k 65.4k 65.4kCharacters encoded by escape()JorianWoltjer7/4/2025JS1 63.4k 63.4k 63.4kCharacters encoded by encodeURI()JorianWoltjer7/4/2025JS1 63.4k 63.4k 63.4kCharacters encoded by encodeURIComponent()JorianWoltjer7/4/2025JS1Characters before custom tags3np41k1r1t06/23/2025XSS0 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1 15Characters appended at the end of PORT within URL, which yield a different HOSTreindaelman6/15/2025JS0 34.4k 46.6k 47.1k 47.1kCharacters allowed as a tag name using DOM APIshackvertor6/13/2025JS0 32 32 48Characters allowed before host name that are ignoredhackvertor6/11/2025XSS0 280Url parsing diff b/w anchor.href and new URLSudistark5/26/2025JS0 32 32 32Scheme slash alternatives in URL() when a base is usedN25sec5/22/2025JS0 5 5 5Characters that end unencapsulated HTML attribute valuesola4565/14/2025XSS0 175 175 175Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains0x999-x5/7/2025XSS1 68 68 68 68Characters allowed in the protocol that still resolve host namehackvertor5/6/2025JS0 1Chars that can be used as opening bracket in innerHTMLnollium4/19/2025JS0 33Fuzzing for Max sanitized input (simplified)vitorfhc4/7/2025XSS0 1 1CSS inline property definitionhipotermia3/12/2025HTML0 1 1 1Characters that starts element namelUcgryy3/10/2025HTML0 1 1Escape inline double quotelUcgryy3/7/2025XSS0Found 238 recordsPage 2 of 12«12345678910»
