All VectorsVector nameUser Created Type Likes 33 33 33Fuzzing for Max sanitized input (simplified)vitorfhc4/7/2025XSS0⚠ Browser differences 50.7k 50.7k 50.7kFind WAF bypass for eval contextelieehel11/22/2024JS0 1 1 1Escape inline double quotelUcgryy3/7/2025XSS0 3 3 3 3Entities that convert to less than in a iframe srcdochackvertor8/1/2024XSS0 3 3 3 3Entities that convert to greater than in a iframe srcdochackvertor8/1/2024XSS0 4 4 4 4Entities that cause an external URL before @hackvertor9/25/2024XSS4⚠ Browser differences 1 1 1 10Entities that are normalized for ehackvertor7/12/2024JS0 35 35 35 35Entities still parsed in uppercasehackvertor7/2/2024JS0 1 1 1Entities in-between square brackets that close cdatahackvertor10/8/2024XSS1⚠ Browser differences 1 1 1 9Entities allowed inside hosthackvertor7/6/2024JS0 1 1 1Entities allowed inside function namehackvertor7/2/2024XSS0 1 1 1Entities allowed between two forward slashesInsertScript9/19/2024XSS1 4 4 4 4Entities allowed between slashes using XSS typehackvertor1/16/2025XSS0⚠ Browser differences 1 1 1 4Entities allowed between slashes on a protocol relative URLhackvertor7/6/2024JS0⚠ Browser differences 16 16 16 6Entities allowed between function callshackvertor6/29/2024XSS0 18 18 18 18Entities allowed between function call and numberhackvertor7/2/2024XSS0 4 4 4 4Entities allowed before slashes which result in an external URLhackvertor1/16/2025XSS0⚠ Browser differences 1 1 1 4Entities allowed before slashes on a protocol relative URLhackvertor7/6/2024JS0 19 19 19 19Entities allowed before function callshackvertor7/2/2024XSS0 577 577 577 577Entities allowed as JS variableshackvertor7/2/2024XSS1Found 246 recordsPage 5 of 13«12345678910»
