All VectorsVector nameUser Created Type Likes 39 39 39 39Characters allowed between an object and bracket notationcold-try4/15/2024JS0⚠ Browser differences 16 17 16 17Tags that remove the span or are self closinghackvertor7/16/2024XSS0 7 7 7 7Characters between element name and >ThomasOrlita4/15/2024HTML0⚠ Browser differences 48 48 48 32Scheme slash alternatives in URL() when a base is usedN25sec5/22/2025JS0 1 1 1Characters allowed instead of equal signc3l3si4n4/28/2024XSS0 35 35 35 35Entities still parsed in uppercasehackvertor7/2/2024JS0 2 2 2 2Characters not urlencoded when using the shema part of the URLd0ge9/24/2024JS0 1 1 1CSS inline property definitionhipotermia3/12/2025HTML0 7 7 7 7Characters ignored in an attribute namehackvertor5/28/2024XSS0⚠ Browser differences 1 4 4 4Entities allowed between slashes on a protocol relative URLhackvertor7/6/2024JS0 3 3 3 3Characters that act as array literalshackvertor6/24/2024JS0 25 25 25 25Characters allowed after throw statementhackvertor7/14/2025JS0 1 1 1 1Characters cause self closing taghackvertor7/23/2025XSS0 25 25 25 25Characters allowed after a biginthackvertor7/18/2025JS0⚠ Browser differences 105 106 105Tags that support HTML commentshackvertor1/26/2025XSS0 2 2 2 2Characters allowed after colon which result in an external URLhackvertor1/16/2025XSS0 46 46 46Characters prepended to URL, which yield in the same host propertyInsertScript1/10/2025JS0 1 1 1Bypasses for __proto__ string matchvitorfhc8/29/2024JS0 1 1 1 1XSS vectors that execute automatically inside mathhackvertor4/17/2024XSS0 18 18 18 18Entities allowed between function call and numberhackvertor7/2/2024XSS0Found 253 recordsPage 8 of 13«3456789101112»
