All VectorsVector nameUser Created Type Likes 6 6 6 6Characters allowed in between start of HTML tag name and event handlerAyushXtha3/4/2026XSS1 1 1 1 1masato - braves parsing finding valid charactersInsertScript8/3/2025XSS1 1 1 1 1masato - braves parsing finding entity testInsertScript8/3/2025XSS1 1 1 1Includes Validation Chars AllowedSimpsonpt10/8/2024JS1 6 6 6 6Characters allowed before event handlerAyushXtha3/12/2026XSS1 65.4k 65.4k 65.4k 65.4kCharacters encoded by escape()JorianWoltjer7/4/2025JS1 82 82 82 82encodeURI() not encoded with %forglockenspielexact7/11/2025JS1 30 30 30Characters allowed after equals sign for eventYouGina12/17/2024XSS1 1 1 1Entities in-between square brackets that close cdatahackvertor10/8/2024XSS1 1 1 1Characters that change length on .toLowerCase()JorianWoltjer4/11/2024JS1 1 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1 63.4k 63.4k 63.4k 63.4kCharacters encoded by encodeURIComponent()JorianWoltjer7/4/2025JS1⚠Browser differences 1 89 89 89Characters unencoded characters supported in the hashhackvertor9/24/2024JS1⚠Browser differences 39 1 39 39HTML tags that force HTML mode inside SVGhackvertor8/2/2024XSS1 25 25 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS1 6 6 6ToUpperCase Improper Character MorphingIDKdir7/13/2024JS1 1 1 1Characters that can break out of an inline style background-image url0xdef1ant7/13/2024XSS1⚠Browser differences 49k 49k 49k 136.3kCharacters that are valid JS variableshackvertor4/29/2024JS0 1 1 1HostIDKdir7/15/2024JS0⚠Browser differences 20 20 20 10Attributes that are also DOM propertieshackvertor4/30/2024XSS0Found 253 recordsPage 4 of 13«12345678910»
