All VectorsVector nameUser Created Type Likes 2 2 2HTML tags that can clobber the credentials part of the URL0x999-x11/4/2024XSS1 4 4 4 4Characters that can break out of a single line comment0x999-x4/10/2024JS0 25 25 25Characters allowed between variable name and equals sign0x999-x4/9/2024JS0 175 175 175 175Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains0x999-x5/7/2025XSS1 6 6 6 6Characters allowed between HTML attributes0x999-x4/10/2024XSS0 19 19 19HTML tags and attributes that can be used to access the URL0x999-x11/4/2024XSS1 1 1 1 1test0x999-x4/10/2024JS0⚠ Browser differences 4 3 4HTML elements that inherit properties which return the full URL0x999-x11/14/2024XSS0 3 3 3 3Characters that can start an HTML comment0x999-x7/18/2024HTML2 1 1 1Characters that can break out of an inline style with single quotes0xdef1ant7/13/2024XSS0 1 1 1Characters that can break out of an inline style with double quotes0xdef1ant7/13/2024XSS0 1 1 1Characters that can break out of an inline style background-image url0xdef1ant7/13/2024XSS1 6 6 6Characters allowed before event handlerAyushXtha3/12/2026XSS0 7 7 7 7Characters allowed while closing script tagAyushXtha10/27/2025XSS3 6 6 6 6Characters allowed in between start of HTML tag name and event handlerAyushXtha3/4/2026XSS0 1 1 1JavaScript Scheme starting with https://BinaryScary6/28/2024JS4 40 40 40 40JavaScript Scheme starting with httpBinaryScary7/16/2024JS1⚠ Browser differences 12.7k 12.7k 12.7k 12.7kCharacters after https URI scheme which prevent URL parsing of hrefCillian-Collins10/27/2025XSS1 2 2 2Bytes that will scramble ISO-2022-JPCillian-Collins12/26/2024XSS1 2 2 2Bytes that will normalize ISO-2022-JPCillian-Collins12/26/2024XSS1Found 248 recordsPage 1 of 1312345678910»
