All VectorsVector nameUser Created Type Likes 1 1 1 1Characters cause self closing taghackvertor7/23/2025XSS0 2 2 2Characters ignored following slash in self closing taghackvertor7/23/2025XSS1 67 65 67 67Characters allowed inside javascript protocol and still returns the hostnameRenwaX237/21/2025JS3 25 25 25Characters allowed after a biginthackvertor7/18/2025JS0 31 31 31Characters allowed either side of a variable assignmenthackvertor7/18/2025JS0 25 25 25Characters allowed after throw statementhackvertor7/14/2025JS0 82encodeURI() not encoded with %forglockenspielexact7/11/2025JS1 65.4k 65.4k 65.4kCharacters encoded by escape()JorianWoltjer7/4/2025JS1 63.4k 63.4k 63.4kCharacters encoded by encodeURI()JorianWoltjer7/4/2025JS1 63.4k 63.4k 63.4kCharacters encoded by encodeURIComponent()JorianWoltjer7/4/2025JS1Characters before custom tags3np41k1r1t06/23/2025XSS0 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1 15Characters appended at the end of PORT within URL, which yield a different HOSTreindaelman6/15/2025JS0 34.5k 54k 47.1k 47.1kCharacters allowed as a tag name using DOM APIshackvertor6/13/2025JS0 32 32 48Characters allowed before host name that are ignoredhackvertor6/11/2025XSS0 280Url parsing diff b/w anchor.href and new URLSudistark5/26/2025JS0 32 32 32Scheme slash alternatives in URL() when a base is usedN25sec5/22/2025JS0 5 5 5Characters that end unencapsulated HTML attribute valuesola4565/14/2025XSS0 175 175 175Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains0x999-x5/7/2025XSS1 68 68 68 68Characters allowed in the protocol that still resolve host namehackvertor5/6/2025JS0Found 243 recordsPage 2 of 13«12345678910»
