All VectorsVector nameUser Created Type Likesframers event executorsweizman4/10/2024XSS0Bypasses for __proto__ string matchvitorfhc8/29/2024JS0 33Fuzzing for Max sanitized input (simplified)vitorfhc4/7/2025XSS0 1Bypass __proto__ string match defensevitorfhc8/29/2024JS0Attribute separatorstr3w5/6/2024HTML0 1 1chars before img tagst0xodile10/25/2025XSS0Chars allowed before domaint0xodile9/24/2024XSS0 6Chars allowed before style attribute...t0xodile10/25/2025XSS0 5 5Characters allowed before after onerror eventst0xodile10/23/2025XSS1 1 1 1Characters allowed to end a JS stringsqjor7/17/2024JS0Mutated XSS with img onerrorsqjor7/30/2024XSS0Characters allowed begin from a forward slash character in javascript protocolsiunam32110/28/2025JS0 17 1URL scheme separator alternativessimoneonofri11/14/2024JS1Characters before custom tags3np41k1r1t06/23/2025XSS0 5Chars allowed between src and = in img tagrootd4ddy3/2/2025XSS0 30Characters Allowed Between Protocol // and localhost Where Host Still Equals localhostrootd4ddy3/2/2025JS0Impossible lab framesetrenniepak11/27/2024HTML0 3 3 3Characters allowed javascript and colonrenniepak4/9/2024JS3 32 32 32Characters that can precede the javascript protocolrenniepak4/10/2024XSS3 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1Found 239 recordsPage 1 of 1212345678910»
