 1 | HTML vector | nu11secur1ty | 9/29/2024 | HTML | 0 |
1 | work | nu11secur1ty | 9/29/2024 | HTML | 0 |
| Characters that close or encapsulate HTML attribute values | ola456 | 11/5/2024 | XSS | 1 |
| Characters ending XML Processing Instructions (WIP) | ola456 | 2/4/2025 | XSS | 0 |
| Characters that end unencapsulated HTML attribute values | ola456 | 5/14/2025 | XSS | 0 |
1 | Characters allowed to break double quotes | p3n7a90n | 6/30/2024 | XSS | 0 |
32 | Characters that can precede the javascript protocol copy | rcbarnett | 5/2/2024 | XSS | 0 |
15 | Characters appended at the end of PORT within URL, which yield a different HOST | reindaelman | 6/15/2025 | JS | 0 |
| Injection in src attribute PORT, characters that change hostname | reindaelman | 6/15/2025 | JS | 1 |
| Characters allowed javascript and colon | renniepak | 4/9/2024 | JS | 3 |
| Impossible lab frameset | renniepak | 11/27/2024 | HTML | 0 |
| Characters that can precede the javascript protocol | renniepak | 4/10/2024 | XSS | 3 |
30 | Characters Allowed Between Protocol // and localhost Where Host Still Equals localhost | rootd4ddy | 3/2/2025 | JS | 0 |
5 | Chars allowed between src and = in img tag | rootd4ddy | 3/2/2025 | XSS | 0 |
| Characters before custom tag | s3np41k1r1t0 | 6/23/2025 | XSS | 0 |
 17 1 | URL scheme separator alternatives | simoneonofri | 11/14/2024 | JS | 1 |
| Characters allowed to end a JS string | sqjor | 7/17/2024 | JS | 0 |
| Mutated XSS with img onerror | sqjor | 7/30/2024 | XSS | 0 |
| Chars allowed before domain | t0xodile | 9/24/2024 | XSS | 0 |
| Attribute separators | tr3w | 5/6/2024 | HTML | 0 |
