All VectorsVector nameUser Created Type Likes 1 1 1 1masato - braves parsing finding valid attributesInsertScript8/3/2025XSS1 1 1 1 1masato - braves parsing findingInsertScript8/3/2025XSS1 106 106 106 106Named HTML entities that can be closed with !avlidienbrunn7/29/2025XSS2 1 1 1 1Characters cause self closing taghackvertor7/23/2025XSS0 2 2 2 2Characters ignored following slash in self closing taghackvertor7/23/2025XSS1⚠ Browser differences 67 65 67 67Characters allowed inside javascript protocol and still returns the hostnameRenwaX237/21/2025JS3 25 25 25 25Characters allowed after a biginthackvertor7/18/2025JS0 31 31 31 31Characters allowed either side of a variable assignmenthackvertor7/18/2025JS0 25 25 25 25Characters allowed after throw statementhackvertor7/14/2025JS0 82 82 82 82encodeURI() not encoded with %forglockenspielexact7/11/2025JS1 65.4k 65.4k 65.4k 65.4kCharacters encoded by escape()JorianWoltjer7/4/2025JS1 63.4k 63.4k 63.4k 63.4kCharacters encoded by encodeURI()JorianWoltjer7/4/2025JS1 63.4k 63.4k 63.4k 63.4kCharacters encoded by encodeURIComponent()JorianWoltjer7/4/2025JS1 1 1 1 1Characters before custom tags3np41k1r1t06/23/2025XSS0 1 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1 1 1 1 1Characters appended at the end of PORT within URL, which yield a different HOSTreindaelman6/15/2025JS0⚠ Browser differences 65.4k 34.5k 65.4k 54kCharacters allowed as a tag name using DOM APIshackvertor6/13/2025JS0 48 48 48 48Characters allowed before host name that are ignoredhackvertor6/11/2025XSS0⚠ Browser differences 1 1 1 280Url parsing diff b/w anchor.href and new URLSudistark5/26/2025JS0 48 48 48Scheme slash alternatives in URL() when a base is usedN25sec5/22/2025JS0Found 246 recordsPage 2 of 13«12345678910»
