All categories
Browser Quirks
CSS Parsing
Character Encoding
DOM Behavior
Entity Parsing
HTML Parsing
JavaScript Syntax
Regular Expressions
URL Handling
Web APIs
XML Parsing
XSS Execution
Login
Home
Vectors
Categories
All vectors
Browser diffs
RSS
Stats
Performance
Features
Differences
Network
Tools
Cheat sheet
Unicode table
Dynamic template
Blog
Blog home
RSS
Help
Home
Vectors
Categories
All vectors
Browser diffs
RSS
Stats
Performance
Features
Differences
Network
Tools
Cheat sheet
Unicode table
Dynamic template
Blog
Blog home
RSS
Help
Cache poisoning...
disconnected
Distributed Fuzzing
Enabled:
Status:
disconnected
Your browser automatically contributes to distributed fuzzing when idle.
All Vectors
Vector name
User
Created
Type
Likes
1
1
1
1
Characters in-between square brackets that close cdata
hackvertor
10/8/2024
XSS
0
13
13
13
13
Properties are accessible in a sandboxed iframe
hackvertor
6/7/2024
JS
0
1
1
1
1
XSS vectors that execute automatically inside svg
hackvertor
4/17/2024
XSS
0
50
50
50
50
HTML entities that create ASCII characters inside a JavaScript URL
hackvertor
6/25/2024
JS
4
⚠ Browser differences
16
16
16
6
Entities allowed between function calls
hackvertor
6/29/2024
XSS
0
6
6
6
Characters allowed before onerror events
hackvertor
3/30/2024
XSS
0
16
16
16
16
Characters after strings
hackvertor
4/3/2024
JS
0
1
1
1
1
XSS vectors that execute automatically inside math
hackvertor
4/17/2024
XSS
0
25
25
25
25
Characters ignored in strings when doing a non strict comparison
hackvertor
6/18/2024
JS
0
31
31
31
31
Characters allowed after malformed entities
hackvertor
7/1/2024
XSS
1
⚠ Browser differences
34
35
34
34
HTML elements that parse differently when rendered
hackvertor
4/19/2024
XSS
1
19
19
19
19
Entities allowed before function calls
hackvertor
7/2/2024
XSS
0
1
1
1
Entities allowed inside function name
hackvertor
7/2/2024
XSS
0
108
108
108
108
Tags that get reordered in the DOM
hackvertor
1/21/2025
XSS
0
4
4
4
4
Entities allowed before slashes which result in an external URL
hackvertor
1/16/2025
XSS
0
2
2
2
2
ISO-2022-JP ASCII escape sequence
hackvertor
12/11/2024
XSS
1
26
26
26
26
Characters allowed after parentheses
hackvertor
4/1/2024
JS
0
15
15
15
15
HTML elements that are self closing or different text content
hackvertor
4/19/2024
XSS
2
18
18
18
18
Entities allowed between function call and number
hackvertor
7/2/2024
XSS
0
35
35
35
35
Entities still parsed in uppercase
hackvertor
7/2/2024
JS
0
Found
280
records
Page 8 of 14
«
3
4
5
6
7
8
9
10
11
12
»