All VectorsVector nameUser Created Type Likes 7 7 7Characters allowed while closing script tagAyushXtha10/27/2025XSS1 63.4k 63.4k 63.4kCharacters encoded by encodeURIComponent()JorianWoltjer7/4/2025JS1 3 3masato - braves parsing finding entity testInsertScript8/3/2025XSS1 5 5Characters allowed before after onerror eventst0xodile10/23/2025XSS1 16 16masato - braves parsing findingInsertScript8/3/2025XSS1 89 89 89Characters unencoded characters supported in the hashhackvertor9/24/2024JS1 82encodeURI() not encoded with %forglockenspielexact7/11/2025JS1 39 39 1HTML tags that force HTML mode inside SVGhackvertor8/2/2024XSS1 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS1 6 6ToUpperCase Improper Character MorphingIDKdir7/13/2024JS1 1Characters that can break out of an inline style background-image url0xdef1ant7/13/2024XSS1 136.3k 136.3k 136.3kCharacters that are valid JS variableshackvertor4/29/2024JS0HostIDKdir7/15/2024JS0 10 10 11Attributes that are also DOM propertieshackvertor4/30/2024XSS0Attribute separatorstr3w5/6/2024HTML0 2 2 2Tags that HTML encode it's contentshackvertor7/16/2024XSS0 1 1 1Characters to break out from eval stringm-boll5/12/2024JS0 965 1.1k 1.1k 890Window propertieshackvertor5/31/2024JS0 3 3 3Entities that convert to greater than in a iframe srcdochackvertor8/1/2024XSS0 13 13 13Properties are accessible in a sandboxed iframehackvertor6/7/2024JS0Found 243 recordsPage 4 of 13«12345678910»
