 1  1 | XSS vectors that execute automatically inside svg | hackvertor | 4/17/2024 | XSS | 0 |
1 1 | XSS vectors that execute automatically inside math | hackvertor | 4/17/2024 | XSS | 0 |
| Entities that are normalized for e | hackvertor | 7/12/2024 | JS | 0 |
| Host | IDKdir | 7/15/2024 | JS | 0 |
| Entities that convert to less than in a iframe srcdoc | hackvertor | 8/1/2024 | XSS | 0 |
| Attributes that are also DOM properties | hackvertor | 4/30/2024 | XSS | 0 |
1 | Bypass __proto__ string match defense | vitorfhc | 8/29/2024 | JS | 0 |
| Characters allowed after slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
141 | char not urlencoded (data+) | nu11secur1ty | 9/29/2024 | JS | 0 |
| Characters to break out from eval string | m-boll | 5/12/2024 | JS | 0 |
| Characters in-between square brackets that close cdata | hackvertor | 10/8/2024 | XSS | 0 |
| Entities allowed between slashes using XSS type | hackvertor | 1/16/2025 | XSS | 0 |
3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
| Tags that get reordered in the DOM | hackvertor | 1/21/2025 | XSS | 0 |
| Characters allowed before event in attribute name using setAttribute | hackvertor | 8/21/2024 | JS | 0 |
| Characters that act as attribute quotes copy | freddyb | 5/31/2024 | XSS | 0 |
1 | Valid characters between function and dot-parenthesis .() | felipecaon | 5/6/2024 | JS | 0 |
1 | Characters allowed instead of equal sign | c3l3si4n | 4/28/2024 | XSS | 0 |
| Characters that act as attribute quotes | hackvertor | 5/28/2024 | XSS | 0 |
| Characters ignored in strings when doing a non strict comparison | hackvertor | 6/18/2024 | JS | 0 |
