Location hash (aka. fragment) spills into data URI content
Chrome Bug 324251 - https://code.google.com/p/chromium/issues/detail?id=324251
By skeptic_fx
Tested on 9 browsers
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [$('.'+ className)]
By undefined
Tested on 20 browsers
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/)
By skeptic_fx
Tested on 15 browsers
List of properties that don't need parentheses
By Pepe Villa (@cgvwzq) - http://jsfiddle.net/MhLPG/1/
By skeptic_fx
Tested on 8 browsers
Direct references to Window objects
A list of all objects that directly refer to the Window object
By skeptic_fx
Tested on 7 browsers
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [$('.'+ className)]
By ldx00
Tested on 11 browsers
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [$('.'+ className)]
By hbkninad
Tested on 7 browsers
Knockout JS libraries vulnerable to data-bind injection
These KnockoutJS libraries are vulnerable to injection attacks via 'data-bind'. If an attacker can control the 'data-bind' property in the HTML markup (which is sometimes possible), the vulnerable versions of this library eval it in the process of binding that data.
By skeptic_fx
Tested on 3 browsers
List of constructors that refer to window w/o parenthesis
By Pepe Villa (@cgvwzq) - http://jsfiddle.net/MhLPG/1/
By skeptic_fx
Tested on 8 browsers
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [$('.'+ className)]
By beingritika
Tested on 8 browsers
jQuery UI .dialog() closeText property DOM XSS Sink.
https://github.com/jquery/jquery-ui/pull/1622 . jQuery 2.1.4 is used as the base jQuery library. $('#div').dialog({ closeText: '<html injection>' });
By skeptic_fx
Tested on 5 browsers
Attribute Separators
Characters that can be used in between HTML attributes.
By skeptic_fx
Tested on 3 browsers
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/)
By tester_dt
Tested on 3 browsers
AngularJS Sandbox Bypasses
Fully working bypasses across different versions curated from the community
By skeptic_fx
Tested on 7 browsers
extended test for jquery selector xss
extended test for jquery selector xss
By Zemnmez
Tested on 4 browsers
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [$('.'+ className)]
By vlumi
Tested on 7 browsers
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [$('.'+ className)]
By relectron_ru
Tested on 8 browsers
jQuery Selectors Vulnerable to XSS
List of all jQuery versions vulnerable to class selector and location hash selector XSS
By mihirgokani007
Tested on 11 browsers
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [$('.'+ className)]
By beingritika
Tested on 7 browsers