 14 | Active formatting elements | JorianWoltjer | 5/1/2024 | XSS | 0 |
| HTML elements that parse differently when rendered | hackvertor | 4/19/2024 | XSS | 1 |
| XSS vectors that execute automatically | hackvertor | 4/17/2024 | XSS | 0 |
| Characters allowed between HTML attributes | 0x999-x | 4/10/2024 | XSS | 0 |
 30 30 | Characters allowed after equals sign for event | YouGina | 12/17/2024 | XSS | 1 |
| Character allowed after onerror event | InsertScript | 4/2/2024 | XSS | 0 |
| Characters that can precede the javascript protocol copy2 | PinkDraconian | 11/7/2024 | XSS | 0 |
20 | HTML tags and attributes that can be used to access the URL | 0x999-x | 11/4/2024 | XSS | 1 |
6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
| Entities in-between square brackets that close cdata | hackvertor | 10/8/2024 | XSS | 1 |
| Chars allowed before domain | t0xodile | 9/24/2024 | XSS | 0 |
| Mutated XSS with img onerror | sqjor | 7/30/2024 | XSS | 0 |
7 7 | Fuzzing weird script behaviour after script text | hackvertor | 7/18/2024 | XSS | 0 |
1143 | Mutated XSS Attributes | IDKdir | 7/13/2024 | XSS | 0 |
1 | Characters that can break out of an inline style with double quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
| Quotes | dogspyagent | 7/13/2024 | XSS | 0 |
| Entities allowed as JS variables | hackvertor | 7/2/2024 | XSS | 1 |
| Entities allowed before function calls | hackvertor | 7/2/2024 | XSS | 0 |
