All VectorsVector nameUser Created Type Likes 1 1 1Characters allowed to break double quotesp3n7a90n6/30/2024XSS0⚠ Browser differences 49k 49k 49k 136.3kCharacters that are valid JS variableshackvertor4/29/2024JS0 3 3 3 3Entities that convert to less than in a iframe srcdochackvertor8/1/2024XSS0 1 1 1HostIDKdir7/15/2024JS0 1 1 1Bypass __proto__ string match defensevitorfhc8/29/2024JS0 2 2 2 2Tags that HTML encode it's contentshackvertor7/16/2024XSS0 157 157 157char not urlencoded (data+)nu11secur1ty9/29/2024JS0 108 108 108 108Tags that get reordered in the DOMhackvertor1/21/2025XSS0 1 1 1 1Characters in-between square brackets that close cdatahackvertor10/8/2024XSS0 25 25 25 25Characters allowed before parentheseshackvertor3/31/2024JS0⚠ Browser differences 50.7k 50.7k 50.7kFind WAF bypass for eval contextelieehel11/22/2024JS0 32 32 32 32Characters allowed before the JavaScript protocolhackvertor1/16/2025XSS0 1 1 1Characters ending XML Processing Instructions (WIP)ola4562/4/2025XSS0⚠ Browser differences 6 5 6 5Tags that DO NOT support HTML commentshackvertor1/26/2025XSS0 6 6 6Allowed characters right after tag name & before tag closure, no other characters in betweenhansmach1ne1/9/2025XSS0⚠ Browser differences 1 1 1 12Entities allowed after slashes on a protocol relative URLhackvertor7/6/2024JS0 7 7 7 7Characters ignored in an attribute namehackvertor5/28/2024XSS0 5 5 5 5Characters allowed as a class separatorhackvertor4/13/2024XSS0 1 1 1 1XSS vectors that execute automatically inside mathhackvertor4/17/2024XSS0 18 18 18 18Entities allowed between function call and numberhackvertor7/2/2024XSS0Found 246 recordsPage 7 of 13«234567891011»
