A comprehensive reference database of Cross-Site Scripting payloads for security researchers and penetration testers. Categorized payloads and description.
0
TOTAL PAYLOADS
6
CATEGORIES
3
PAGES
ADD PAYLOAD
>_
BASIC XSS
0 payloads
Fundamental XSS vectors using common HTML elements and event handlers
DOM-BASED
0 payloads
Exploits DOM sinks like innerHTML, document.write, eval, and location
FILTER BYPASS
0 payloads
Techniques to evade WAFs, sanitizers, and blacklist-based filters
POLYGLOT
0 payloads
Single payloads valid in multiple contexts (HTML, JS, attribute, CSS)
NON-ENGLISH
0 payloads
Obfuscated using Arabic, Cyrillic, Japanese, Chinese variable names and Unicode escapes
OTHERS
0 payloads
Framework-specific, JSON, XML, JSONP, PostMessage, and advanced technique payloads