All VectorsVector nameUser Created Type Likes 5 5 5 5Characters that end unencapsulated HTML attribute valuesola4565/14/2025XSS0 175 175 175 175Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains0x999-x5/7/2025XSS1 68 68 68 68Characters allowed in the protocol that still resolve host namehackvertor5/6/2025JS0 1 1 1Chars that can be used as opening bracket in innerHTMLnollium4/19/2025JS0 33 33 33Fuzzing for Max sanitized input (simplified)vitorfhc4/7/2025XSS0 1 1 1CSS inline property definitionhipotermia3/12/2025HTML0 1 1 1Characters that starts element namelUcgryy3/10/2025HTML0 1 1 1Escape inline double quotelUcgryy3/7/2025XSS0 4 4 4Characters allowed before the JavaScript protocol colonRemakingEden3/3/2025XSS0 5 5 5Chars allowed between src and = in img tagrootd4ddy3/2/2025XSS0 46 46 46Characters Allowed Between Protocol // and localhost Where Host Still Equals localhostrootd4ddy3/2/2025JS0 1 1 1Url parsing diff b/w window.open and new URLSudistark2/21/2025JS0 1 1 1Characters ending XML Processing Instructions (WIP)ola4562/4/2025XSS0⚠ Browser differences 6 5 6 5Tags that DO NOT support HTML commentshackvertor1/26/2025XSS0⚠ Browser differences 105 106 105Tags that support HTML commentshackvertor1/26/2025XSS0 14 14 14 14Tags that get moved out of parenthackvertor1/22/2025XSS0 3 3 3 3Characters that can be inside the javascript protocolhipotermia1/22/2025XSS0 108 108 108 108Tags that get reordered in the DOMhackvertor1/21/2025XSS0 2 2 2 2Malformed HTML commentshackvertor1/17/2025XSS0 32 32 32 32Characters allowed before the JavaScript protocolhackvertor1/16/2025XSS0Found 246 recordsPage 3 of 13«12345678910»
