Correlated Payload Error
Error generating correlated payload
Invalid Password
You entered in a bad password, don't do that too much or you'll be rate limited.
Invalid Account Information
The following field(s) contain invalid data:

Account Settings Updated Successfully!
Your account settings have been updated, changes take effect immediately.
Password Reset Performed Successfully
If you have an account with us then we've sent a password reset message to that email address.

Log In



Reset Password


XSS Payload Fires
Timestamp Victim IP Injection Point Vulnerable Page URI Referrer Options
Collected Pages
Page URI Options

- As small as it gets.
- For annoying CSPs that don't let you load or send stuff from elsewhere.
- Maybe we'll get lucky.
- Maybe we'll get lucky.
.

- Maybe we'll get lucky.
- Maybe we'll get lucky.




Note: Must be used with an XSS Hunter compatible client tool, click here for an example. If you want to build your own please see our documentation. Note that injection requests are only stored for 30 days and are purged afterwards. You will still receive XSS alerts after 30 days but they won't be correlated.