CWE-79 on ZAP

AngularJS $parse expression from cookie

Mon, 01 Jan 0001 00:00:00 +0000

Cookie-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS $parse expression from form input

Mon, 01 Jan 0001 00:00:00 +0000

Form-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS $parse expression from localStorage

Mon, 01 Jan 0001 00:00:00 +0000

Storage-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS $parse expression from postMessage

Mon, 01 Jan 0001 00:00:00 +0000

postMessage-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS expression executed through Function constructor

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data reached dynamic code execution while AngularJS expression parsing/compilation was active. This covers interpolation and $parse-style AngularJS expression injection cases.

Generated by OWASP PTK IAST Module

AngularJS expression injection - eval expression 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.0.1 to 1.1.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.0 to 1.2.18

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.19 to 1.2.23

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.24 to 1.2.26

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.27 to 1.3.20

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.6 to 1.2.18

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.4.0 to 1.4.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.4.2 to 1.5.8

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.6 and later

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - single-quote expression 1.2.19 to 1.2.23

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS interpolation delimiters in template string

Mon, 01 Jan 0001 00:00:00 +0000

Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.

Generated by OWASP PTK SAST Module

AngularJS ng-* expression attribute

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

AngularJS template injection - alternate delimiters 1.6 and later

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - HTML entity alternate delimiters 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - HTML entity delimiters 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.0.1 to 1.1.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.0 to 1.2.1

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.19 to 1.2.23

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.2 to 1.2.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.24 to 1.2.29

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.6 to 1.2.18

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.5.0 to 1.5.8

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.6 and later

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected eval 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected short legacy 1.0.1 to 1.1.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

Cross Site Scripting (DOM Based)

Mon, 01 Jan 0001 00:00:00 +0000

Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

Cross Site Scripting (Persistent)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Persistent)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Reflected)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting Weakness (Persistent in JSON Response)

Mon, 01 Jan 0001 00:00:00 +0000

A XSS attack was found in a JSON response, this might leave content consumers vulnerable to attack if they don’t appropriately handle the data (response).

Cross-site Scripting

Mon, 01 Jan 0001 00:00:00 +0000

Cross-site Scripting

Mon, 01 Jan 0001 00:00:00 +0000

data: URL assigned to form action

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to form action.

Generated by OWASP PTK IAST Module

data: URL assigned to formAction

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to formAction.

Generated by OWASP PTK IAST Module

data: URL assigned to href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to href.

Generated by OWASP PTK IAST Module

data: URL assigned to iframe.src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to iframe.src.

Generated by OWASP PTK IAST Module

data: URL assigned to script.src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to script.src and treated as executable content.

Generated by OWASP PTK IAST Module

data: URL assigned to src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to a generic src attribute.

Generated by OWASP PTK IAST Module

data: URL navigated via location.assign

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL passed to location.assign.

Generated by OWASP PTK IAST Module

data: URL navigated via location.href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to location.href.

Generated by OWASP PTK IAST Module

data: URL navigated via location.replace

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL passed to location.replace.

Generated by OWASP PTK IAST Module

data: URL opened via window.open

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL passed to window.open.

Generated by OWASP PTK IAST Module

Disallow document.write()/writeln()

Mon, 01 Jan 0001 00:00:00 +0000

Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.

Generated by OWASP PTK SAST Module

Disallow innerHTML/outerHTML assignments

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Disallow insertAdjacentHTML()

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

DOM XSS via document.write

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data passed to document.write.

Generated by OWASP PTK IAST Module

DOM XSS via document.write (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached document.write.

Generated by OWASP PTK IAST Module

DOM XSS via DOM mutation (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached mutation sinks.

Generated by OWASP PTK IAST Module

DOM XSS via DOM mutations

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data inserted into the DOM via DOM mutation APIs.

Generated by OWASP PTK IAST Module

DOM XSS via DOMParser.parseFromString

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML parsed through DOMParser.parseFromString with an HTML-like MIME type.

Generated by OWASP PTK IAST Module

DOM XSS via Element.innerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data assigned to innerHTML (possible DOM XSS).

Generated by OWASP PTK IAST Module

DOM XSS via Element.outerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data assigned to outerHTML (possible DOM XSS).

Generated by OWASP PTK IAST Module

DOM XSS via Element.setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed to Element.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

DOM XSS via iframe.srcdoc (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached iframe.srcdoc.

Generated by OWASP PTK IAST Module

DOM XSS via inline event handler

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data flowed into an inline event handler.

Generated by OWASP PTK IAST Module

DOM XSS via inline handlers (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached inline event handlers.

Generated by OWASP PTK IAST Module

DOM XSS via innerHTML (Angular)

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

DOM XSS via innerHTML (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached innerHTML.

Generated by OWASP PTK IAST Module

DOM XSS via insertAdjacentHTML

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed into insertAdjacentHTML.

Generated by OWASP PTK IAST Module

DOM XSS via insertAdjacentHTML (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached insertAdjacentHTML.

Generated by OWASP PTK IAST Module

DOM XSS via outerHTML (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached outerHTML.

Generated by OWASP PTK IAST Module

DOM XSS via query param attribute breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param attribute-name event injection

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param double-quoted attribute event breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param double-quoted resource onerror breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param event-handler value

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param HTML image onerror

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param javascript: URL

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS block-comment breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS double-quote breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS expression execution

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS regex breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS single-quote breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS template literal breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param script-tag breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param single-quoted attribute event breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param style-block breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param SVG tag-name event injection

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param unquoted attribute event injection

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via Range.createContextualFragment

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed to Range.createContextualFragment.

Generated by OWASP PTK IAST Module

DOM XSS via ShadowRoot.setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed to ShadowRoot.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

DOM-based XSS (taint flow)

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Dynamic AngularJS $compile/$interpolate template

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Dynamic AngularJS $parse expression

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Inline event handler built from dynamic data

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

javascript: URL assigned to form action

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to form action.

Generated by OWASP PTK IAST Module

javascript: URL assigned to formAction

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to formAction.

Generated by OWASP PTK IAST Module

javascript: URL assigned to href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to href and likely to execute in the current browsing context.

Generated by OWASP PTK IAST Module

javascript: URL assigned to iframe.src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to iframe.src.

Generated by OWASP PTK IAST Module

javascript: URL assigned to src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to a generic src attribute and interpreted as executable content.

Generated by OWASP PTK IAST Module

javascript: URL navigated via location.assign

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL passed to location.assign.

Generated by OWASP PTK IAST Module

javascript: URL navigated via location.href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to location.href.

Generated by OWASP PTK IAST Module

javascript: URL navigated via location.replace

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL passed to location.replace.

Generated by OWASP PTK IAST Module

javascript: URL opened via window.open

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL passed to window.open.

Generated by OWASP PTK IAST Module

JSONP callback parameter controls JavaScript response

Mon, 01 Jan 0001 00:00:00 +0000

Tests callback-like parameters for JSONP-style JavaScript responses where user input controls the executed callback name.

Generated by OWASP PTK DAST Module

Reflected HTTP GET Parameter(s)

Mon, 01 Jan 0001 00:00:00 +0000

A reflected parameter value has been found in the HTTP response. Reflected parameter values may introduce XSS vulnerability or HTTP header injection.

Response field parsed via createContextualFragment

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML parsed via Range.createContextualFragment.

Generated by OWASP PTK IAST Module

Response field parsed via DOMParser

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML parsed via DOMParser.parseFromString.

Generated by OWASP PTK IAST Module

Response field rendered via document.write

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached document.write.

Generated by OWASP PTK IAST Module

Response field rendered via DOM mutation

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached DOM mutation sinks.

Generated by OWASP PTK IAST Module

Response field rendered via innerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached innerHTML.

Generated by OWASP PTK IAST Module

Response field rendered via insertAdjacentHTML

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML reached insertAdjacentHTML.

Generated by OWASP PTK IAST Module

Response field rendered via outerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached outerHTML.

Generated by OWASP PTK IAST Module

Response field rendered via setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML reached Element.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

Response field rendered via ShadowRoot.setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML reached ShadowRoot.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

Review DOMParser.parseFromString with dynamic HTML/XML

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Review uses of appendChild

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

SPA hash DOM XSS

Mon, 01 Jan 0001 00:00:00 +0000

Tests hash-based SPA parameters (http://host/#/route?param=…) for DOM XSS by mutating the hash in a dedicated attack tab and inspecting the DOM.

Generated by OWASP PTK DAST Module

Tainted data compiled as AngularJS template

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Tainted data passed to AngularJS $parse

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

template.innerHTML with dynamic content

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

XSS - attribute context img onerror

Mon, 01 Jan 0001 00:00:00 +0000

Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.

XSS - attribute-name event injection

Mon, 01 Jan 0001 00:00:00 +0000

XSS - double-quoted attribute event injection

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Img onerror

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Img onerror

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS block comment break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS expression replacement

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS single-quoted string break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS slash/regex literal break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS string break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS template literal break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Script tag after noscript tag

Mon, 01 Jan 0001 00:00:00 +0000

XSS - single-quoted attribute event injection

Mon, 01 Jan 0001 00:00:00 +0000

XSS - SVG onload polyglot

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Svg tag with animation event

Mon, 01 Jan 0001 00:00:00 +0000

XSS - tag-name SVG onload injection

Mon, 01 Jan 0001 00:00:00 +0000