All VectorsVector nameUser Created Type Likes 2 2 2 2Tags that HTML encode it's contentshackvertor7/16/2024XSS0⚠ Browser differences 6 5 6 5Tags that DO NOT support HTML commentshackvertor1/26/2025XSS0 48 48 48Scheme slash alternatives in URL() when a base is usedN25sec5/22/2025JS0 1 1 1React DOM srcIDKdir7/15/2024JS0 1 1 1Quotesdogspyagent7/13/2024XSS0 1 1 1 1Properties that leak the parent URL even when sandboxedhackvertor6/6/2024JS0 5 5 5 5Properties that contain URLshackvertor5/31/2024JS2 1 1 1 1Properties that are accessible on locationhackvertor6/7/2024JS0 13 13 13 13Properties are accessible in a sandboxed iframehackvertor6/7/2024JS0 29 29 29 29Non-standard characters that break JSON.parse()DreyAnd11/15/2024JS1 106 106 106 106Named HTML entities that can be closed with !avlidienbrunn7/29/2025XSS2 1 1 1Mutated XSS with img onerrorsqjor7/30/2024XSS0 1.1k 1.1k 1.1kMutated XSS AttributesIDKdir7/13/2024XSS0 2 2 2 2Malformed HTML commentshackvertor1/17/2025XSS0 25 25 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS1 2 2 2 2List of HTML elements that convert to arbitrary stringjoaxcar4/10/2024XSS0 16 16 16 16JavaScript separators between function namesInsertScript4/2/2024JS0 1 1 1JavaScript Scheme starting with https://BinaryScary6/28/2024JS4 40 40 40 40JavaScript Scheme starting with httpBinaryScary7/16/2024JS1⚠ Browser differences 2 1 2JIS X 0208 bytes that produce ASCII charactersJorianWoltjer9/22/2024JS1Found 246 recordsPage 3 of 13«12345678910»
