All VectorsVector nameUser Created Type Likes 39 39 39 39Characters allowed between an object and bracket notationcold-try4/15/2024JS0 33 33 33Fuzzing for Max sanitized input (simplified)vitorfhc4/7/2025XSS0 7 7 7Characters between element name and >ThomasOrlita4/15/2024HTML0 5 5 5 5Characters that end unencapsulated HTML attribute valuesola4565/14/2025XSS0 1 1 1Characters allowed instead of equal signc3l3si4n4/28/2024XSS0 35 35 35 35Entities still parsed in uppercasehackvertor7/2/2024JS0 2 2 2 2Characters not urlencoded when using the shema part of the URLd0ge9/24/2024JS0 1 1 1Characters that starts element namelUcgryy3/10/2025HTML0 7 7 7 7Characters ignored in an attribute namehackvertor5/28/2024XSS0⚠ Browser differences 1 1 4 4Entities allowed between slashes on a protocol relative URLhackvertor7/6/2024JS0 3 3 3 3Characters that act as array literalshackvertor6/24/2024JS0 1 1 1Characters before custom tags3np41k1r1t06/23/2025XSS0 25 25 25 25Characters allowed after a biginthackvertor7/18/2025JS0 31 31 31 31Characters allowed either side of a variable assignmenthackvertor7/18/2025JS0 105 105Tags that support HTML commentshackvertor1/26/2025XSS0 2 2 2 2Characters allowed after colon which result in an external URLhackvertor1/16/2025XSS0⚠ Browser differences 46 46 30Characters prepended to URL, which yield in the same host propertyInsertScript1/10/2025JS0 1 1Bypasses for __proto__ string matchvitorfhc8/29/2024JS0 1 1 1XSS vectors that execute automatically inside mathhackvertor4/17/2024XSS0 18 18 18 18Entities allowed between function call and numberhackvertor7/2/2024XSS0Found 245 recordsPage 8 of 13«3456789101112»
