All VectorsVector nameUser Created Type Likes 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS0 965 1.1k 1.1k 890Window propertieshackvertor5/31/2024JS0 3 3 3Entities that convert to greater than in a iframe srcdochackvertor8/1/2024XSS0 1 1 1Properties that are accessible on locationhackvertor6/7/2024JS0 26 26 26Characters allowed after parentheseshackvertor4/1/2024JS0 1characters allowed between exclamation mark and greater then InsertScript6/18/2024HTML0Impossible lab framesetrenniepak11/27/2024HTML0 2 2 2characters after slash that make a http protocolInsertScript4/3/2024XSS0 20Difference between browser-supported handlers and Shazzer 'events' listhansmach1ne1/5/2025JS0 35 35 35Entities still parsed in uppercasehackvertor7/2/2024JS0 1Characters that can break out of an inline style with double quotes0xdef1ant7/13/2024XSS0 4 4 4Entities allowed between slashes on a protocol relative URLhackvertor7/6/2024JS0 16 16 16JavaScript separators between function namesInsertScript4/2/2024JS0 6 6 6Characters allowed between HTML attributes0x999-x4/10/2024XSS0 16 16 16Characters after stringshackvertor4/3/2024JS0 65.5kdomain valuesnu11secur1ty9/29/2024JS0 6Characters that can work as attribute seperatorSudistark8/17/2024JS0 1.1kMutated XSS AttributesIDKdir7/13/2024XSS0 6Characters allowed before onerror eventshackvertor3/30/2024XSS0 1 1XSS vectors that execute automatically inside mathhackvertor4/17/2024XSS0Found 236 recordsPage 4 of 12«12345678910»
