 1 | work | nu11secur1ty | 9/29/2024 | HTML | 0 |
16 | Difference between browser-supported handlers and Shazzer 'all_browser_events' list | hansmach1ne | 1/5/2025 | JS | 0 |
| Entities allowed between function calls | hackvertor | 6/29/2024 | XSS | 0 |
| Characters allowed after parentheses | hackvertor | 4/1/2024 | JS | 0 |
| Character allowed after onerror event | InsertScript | 4/2/2024 | XSS | 0 |
| Characters that separate CSS properties | hackvertor | 4/2/2024 | HTML | 0 |
| Valid characters before domain 1 | avlidienbrunn | 4/10/2024 | XSS | 0 |
| Characters allowed between HTML attributes | 0x999-x | 4/10/2024 | XSS | 0 |
| Characters that can be inserted in the middle of the JS protocol name | cold-try | 4/15/2024 | XSS | 0 |
| Characters allowed before javascript URL | ThomasOrlita | 4/15/2024 | JS | 0 |
| Entities allowed before slashes on a protocol relative URL | hackvertor | 7/6/2024 | JS | 0 |
| XSS vectors that execute automatically | hackvertor | 4/17/2024 | XSS | 0 |
1 | Bypass __proto__ string match defense | vitorfhc | 8/29/2024 | JS | 0 |
| Entities allowed after slashes on a protocol relative URL | hackvertor | 7/6/2024 | JS | 0 |
| Entities allowed inside function name | hackvertor | 7/2/2024 | XSS | 0 |
| Break out of CSS strings | hackvertor | 4/4/2024 | HTML | 0 |
141 | char not urlencoded (data+) | nu11secur1ty | 9/29/2024 | JS | 0 |
| Characters allowed in path traversal | joaxcar | 8/26/2024 | JS | 0 |
 24 | Characters that can be used in eval to write code in between | m-boll | 5/12/2024 | JS | 0 |
 1 1 | XSS vectors that execute automatically inside svg | hackvertor | 4/17/2024 | XSS | 0 |
