All VectorsVector nameUser Created Type LikesEntities in-between square brackets that close cdatahackvertor10/8/2024XSS1 63.3k 63.3k 63.3kDifferences between escape vs encodeURIComponenthackvertor10/15/2024JS1 3 1 3Characters allowed at IPv6 but don't change the hostnamed0ge6/10/2024JS1 2 2HTML tags that can clobber the credentials part of the URL0x999-x11/4/2024XSS1 20 19HTML tags and attributes that can be used to access the URL0x999-x11/4/2024XSS1 312 314 311Characters allowed at hostnamed0ge6/11/2024JS1 9 9XSS vectors that consume tagY4tacker11/5/2024XSS1 65.4k 65.4k 65.4kCharacters encoded by escape()JorianWoltjer7/4/2025JS1 7 7 7Characters that close or encapsulate HTML attribute valuesola45611/5/2024XSS1 1 1 1 1Characters between < and element nameThomasOrlita4/15/2024HTML1 17 1URL scheme separator alternativessimoneonofri11/14/2024JS1 29 29Non-standard characters that break JSON.parse()DreyAnd11/15/2024JS1 4 4 4Characters that act as new lines in multi line stringshackvertor6/20/2024JS1 2 2 2 2ISO-2022-JP ASCII escape sequencehackvertor12/11/2024XSS1 30 30Characters allowed after equals sign for eventYouGina12/17/2024XSS1 2Bytes that will normalize ISO-2022-JPCillian-Collins12/26/2024XSS1 2Bytes that will scramble ISO-2022-JPCillian-Collins12/26/2024XSS1 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS1 82encodeURI() not encoded with %forglockenspielexact7/11/2025JS1 34 34 35HTML elements that parse differently when renderedhackvertor4/19/2024XSS1Found 243 recordsPage 10 of 13«45678910111213»
