All VectorsVector nameUser Created Type Likes 1 1 1 1Characters to break out from eval stringm-boll5/12/2024JS0 1 1 1 1Characters allowed before event in attribute name using setAttributehackvertor8/21/2024JS0 5 5 5 5Characters allowed in path traversaljoaxcar8/26/2024JS0 24 24 24Characters that can be used in eval to write code in betweenm-boll5/12/2024JS0 1 1 1Bypasses for __proto__ string matchvitorfhc8/29/2024JS0 7 7 7 7Characters ignored in an attribute namehackvertor5/28/2024XSS0 5 5 5Characters allowed between multiple HTML attributesJorianWoltjer9/12/2024XSS4 1 1 1 1Characters allowed in-between hyphenshackvertor4/14/2024XSS1 2 2 2 2Characters that act as attribute quoteshackvertor5/28/2024XSS0⚠Browser differences 1 4 4Entities allowed between two forward slashesInsertScript9/19/2024XSS1 1 1 1Characters allowed in colon entityInsertScript9/19/2024XSS0 2 2 2 2Characters that act as attribute quotes copyfreddyb5/31/2024XSS0 1 1 1Chars allowed before domaint0xodile9/24/2024XSS0 3 3 3 3Characters that can be inserted in the middle of the JS protocol namecold-try4/15/2024XSS0 4 4 4 4Entities that cause an external URL before @hackvertor9/25/2024XSS4 1 1 1 1Characters in-between square brackets that close cdatahackvertor10/8/2024XSS0 1 1 1Entities in-between square brackets that close cdatahackvertor10/8/2024XSS1⚠Browser differences 45.4k 56.7k 45.4k 62.5kCharacters that cause the backslash to be consumed with a big5 charsethackvertor11/1/2024XSS0 2 2 2 2HTML tags that can clobber the credentials part of the URL0x999-x11/4/2024XSS1 19 19 19HTML tags and attributes that can be used to access the URL0x999-x11/4/2024XSS1Found 253 recordsPage 8 of 13«3456789101112»
