All VectorsVector nameUser Created Type Likes 34 34 34 34Characters allowed before slashes which result in an external URLhackvertor1/16/2025XSS1⚠ Browser differences 2 4 2framers event executorsweizman4/10/2024XSS0 1 1 1Characters that can break out of an inline style with single quotes0xdef1ant7/13/2024XSS0⚠ Browser differences 16 16 16 6Entities allowed between function callshackvertor6/29/2024XSS0⚠ Browser differences 5 1 5 5Characters allowed before CSS selectorshackvertor7/15/2024XSS0 31 31 31 31Characters allowed after malformed entitieshackvertor7/1/2024XSS1⚠ Browser differences 34 35 34 34HTML elements that parse differently when renderedhackvertor4/19/2024XSS1 1 1 1Entities allowed inside function namehackvertor7/2/2024XSS0 1 1 1 1Characters allowed in between @importbribes10/19/2025XSS0 1 1 1Characters allowed instead of equal signc3l3si4n4/28/2024XSS0 9 9 9XSS vectors that consume tagY4tacker11/5/2024XSS1 2 2 2HTML tags that can clobber the credentials part of the URL0x999-x11/4/2024XSS1 7 7 7 7Characters that close or encapsulate HTML attribute valuesola45611/5/2024XSS1 6 6 6 6Chars allowed before style attribute...t0xodile10/25/2025XSS0 5 5 5 5Characters allowed before after onerror eventst0xodile10/23/2025XSS1⚠ Browser differences 2.1k 1 2.1kChars in href that will not default to full URLjoaxcar11/16/2024XSS0 4 4 4 4Entities that cause an external URL before @hackvertor9/25/2024XSS4 1 1 1Mutated XSS with img onerrorsqjor7/30/2024XSS0 1 1 1Characters that can break out of an inline style with double quotes0xdef1ant7/13/2024XSS0 5 5 5 5Characters allowed as a class separatorhackvertor4/13/2024XSS0Found 248 recordsPage 5 of 13«12345678910»
