1 | Characters allowed to break double quotes | p3n7a90n | 6/30/2024 | XSS | 0 |
| Characters that are valid JS variables | hackvertor | 4/29/2024 | JS | 0 |
| Entities that convert to less than in a iframe srcdoc | hackvertor | 8/1/2024 | XSS | 0 |
| Host | IDKdir | 7/15/2024 | JS | 0 |
1 | Bypass __proto__ string match defense | vitorfhc | 8/29/2024 | JS | 0 |
| Tags that HTML encode it's contents | hackvertor | 7/16/2024 | XSS | 0 |
141 | char not urlencoded (data+) | nu11secur1ty | 9/29/2024 | JS | 0 |
| Characters allowed before the JavaScript protocol | hackvertor | 1/16/2025 | XSS | 0 |
| Characters in-between square brackets that close cdata | hackvertor | 10/8/2024 | XSS | 0 |
7 7 | Characters between element name and > | ThomasOrlita | 4/15/2024 | HTML | 0 |
| Find WAF bypass for eval context | elieehel | 11/22/2024 | JS | 0 |
| Characters allowed after slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
106 106 | Tags that support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
| Tags that get moved out of parent | hackvertor | 1/22/2025 | XSS | 0 |
2 | char not urlencoded (data) | nu11secur1ty | 9/29/2024 | JS | 0 |
| Entities allowed inside function name | hackvertor | 7/2/2024 | XSS | 0 |
| Characters ignored in an attribute name | hackvertor | 5/28/2024 | XSS | 0 |
8 | Characters that expand upon toUpperCase() | DreyAnd | 4/10/2024 | JS | 0 |
1 1 | XSS vectors that execute automatically inside math | hackvertor | 4/17/2024 | XSS | 0 |
| Entities allowed between function call and number | hackvertor | 7/2/2024 | XSS | 0 |