All VectorsVector nameUser Created Type Likes 6 6ToUpperCase Improper Character MorphingIDKdir7/13/2024JS1JavaScript Scheme starting with httpBinaryScary7/16/2024JS1 9 9XSS vectors that consume tagY4tacker11/5/2024XSS1 39 39 1HTML tags that force HTML mode inside SVGhackvertor8/2/2024XSS1 7 7 7Characters that close or encapsulate HTML attribute valuesola45611/5/2024XSS1 63.3k 63.3k 63.3kDifferences between escape vs encodeURIComponenthackvertor10/15/2024JS1 2 2HTML tags that can clobber the credentials part of the URL0x999-x11/4/2024XSS1 2Bytes that will normalize ISO-2022-JPCillian-Collins12/26/2024XSS1 2Bytes that will scramble ISO-2022-JPCillian-Collins12/26/2024XSS1 89 89 89Characters unencoded characters supported in the hashhackvertor9/24/2024JS1 82encodeURI() not encoded with %forglockenspielexact7/11/2025JS1 34 34 34Characters allowed before slashes which result in an external URLhackvertor1/16/2025XSS1 29 29Non-standard characters that break JSON.parse()DreyAnd11/15/2024JS1 273 29 29Characters allowed within a hostname but don't change the hostnameThomasOrlita4/30/2024JS1 1Includes Validation Chars AllowedSimpsonpt10/8/2024JS1Entities in-between square brackets that close cdatahackvertor10/8/2024XSS1 63.4k 63.4k 63.4kCharacters encoded by encodeURIComponent()JorianWoltjer7/4/2025JS1 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1 175 175 175Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains0x999-x5/7/2025XSS1 20 19HTML tags and attributes that can be used to access the URL0x999-x11/4/2024XSS1Found 236 recordsPage 10 of 12«3456789101112»
