All VectorsVector nameUser Created Type Likes 1Characters allowed to break double quotesp3n7a90n6/30/2024XSS0 130.1k 130.1k 130.1kCharacters that are valid JS variableshackvertor4/29/2024JS0 3 3 3Entities that convert to less than in a iframe srcdochackvertor8/1/2024XSS0HostIDKdir7/15/2024JS0 1Bypass __proto__ string match defensevitorfhc8/29/2024JS0 2 2 2Tags that HTML encode it's contentshackvertor7/16/2024XSS0 141char not urlencoded (data+)nu11secur1ty9/29/2024JS0 108 108 108Tags that get reordered in the DOMhackvertor1/21/2025XSS0 1 1 1Characters in-between square brackets that close cdatahackvertor10/8/2024XSS0 6 6 6Characters allowed before parentheseshackvertor3/31/2024JS0Find WAF bypass for eval contextelieehel11/22/2024JS0 32 32 32Characters allowed before the JavaScript protocolhackvertor1/16/2025XSS0Characters ending XML Processing Instructions (WIP)ola4562/4/2025XSS0 5 5 5Tags that DO NOT support HTML commentshackvertor1/26/2025XSS0 6 6 6Allowed characters right after tag name & before tag closure, no other characters in betweenhansmach1ne1/9/2025XSS0 12 12 12Entities allowed after slashes on a protocol relative URLhackvertor7/6/2024JS0 7 7 7Characters ignored in an attribute namehackvertor5/28/2024XSS0 5 5 5Characters allowed as a class separatorhackvertor4/13/2024XSS0 1 1XSS vectors that execute automatically inside mathhackvertor4/17/2024XSS0 18 18 18Entities allowed between function call and numberhackvertor7/2/2024XSS0Found 240 recordsPage 7 of 12«234567891011»
