All VectorsVector nameUser Created Type Likes 1 1 1 1Characters before custom tags3np41k1r1t06/23/2025XSS0 1 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1 1 1 1 1Characters appended at the end of PORT within URL, which yield a different HOSTreindaelman6/15/2025JS0⚠ Browser differences 65.4k 65.4k 65.4k 54kCharacters allowed as a tag name using DOM APIshackvertor6/13/2025JS0 48 48 48 48Characters allowed before host name that are ignoredhackvertor6/11/2025XSS0⚠ Browser differences 1 1 1 280Url parsing diff b/w anchor.href and new URLSudistark5/26/2025JS0⚠ Browser differences 48 48 48 32Scheme slash alternatives in URL() when a base is usedN25sec5/22/2025JS0 5 5 5 5Characters that end unencapsulated HTML attribute valuesola4565/14/2025XSS0 175 175 175 175Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains0x999-x5/7/2025XSS1 68 68 68 68Characters allowed in the protocol that still resolve host namehackvertor5/6/2025JS0 1 1 1Chars that can be used as opening bracket in innerHTMLnollium4/19/2025JS1 33 33 33 33Fuzzing for Max sanitized input (simplified)vitorfhc4/7/2025XSS0 1 1 1CSS inline property definitionhipotermia3/12/2025HTML0 1 1 1Characters that starts element namelUcgryy3/10/2025HTML0 1 1 1Escape inline double quotelUcgryy3/7/2025XSS0 4 4 4 4Characters allowed before the JavaScript protocol colonRemakingEden3/3/2025XSS0 5 5 5Chars allowed between src and = in img tagrootd4ddy3/2/2025XSS0 46 46 46Characters Allowed Between Protocol // and localhost Where Host Still Equals localhostrootd4ddy3/2/2025JS0 1 1 1Url parsing diff b/w window.open and new URLSudistark2/21/2025JS0 1 1 1Characters ending XML Processing Instructions (WIP)ola4562/4/2025XSS0Found 253 recordsPage 3 of 13«12345678910»
