All VectorsVector nameUser Created Type Likes 30 30Characters prepended to URL, which yield in the same host propertyInsertScript1/10/2025JS0 31Characters appended at the end of TLD within URL, which yield in the same host propertyInsertScript1/10/2025JS0 6 6 6Allowed characters right after tag name & before tag closure, no other characters in betweenhansmach1ne1/9/2025XSS0 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS1 16Difference between browser-supported handlers and Shazzer 'all_browser_events' listhansmach1ne1/5/2025JS0 20Difference between browser-supported handlers and Shazzer 'events' listhansmach1ne1/5/2025JS0 275Characters appended at the end of TLD within URL, which yield in the same Originhansmach1ne1/5/2025JS2 127HTML TAGS ListsY4tacker1/3/2025XSS0 2Bytes that will scramble ISO-2022-JPCillian-Collins12/26/2024XSS1 2Bytes that will normalize ISO-2022-JPCillian-Collins12/26/2024XSS1 30 30Characters allowed after equals sign for eventYouGina12/17/2024XSS1 12 12Unicode characters that get normalized into path traversal characters hackvertor12/12/2024JS2 2 2 2ISO-2022-JP ASCII escape sequencehackvertor12/11/2024XSS1Impossible lab framesetrenniepak11/27/2024HTML0Find WAF bypass for eval contextelieehel11/22/2024JS0 1 1 1Characters transformed when using lowercasehackvertor11/18/2024JS0 10 10 10Characters transformed when using uppercasehackvertor11/18/2024JS0 2.1kChars in href that will not default to full URLjoaxcar11/16/2024XSS0 29 29Non-standard characters that break JSON.parse()DreyAnd11/15/2024JS1 4HTML elements that inherit properties which return the full URL0x999-x11/14/2024XSS0Found 239 recordsPage 4 of 12«12345678910»
