SVG XSS/XXE Generator

Generates SVG files with embedded XSS (script, onload, event handler) or XXE payloads for testing image upload and rendering pipelines.

The type of attack payload to embed in the SVG.

Custom payload string. Defaults vary by attack type (e.g., alert(1) for XSS).

URL for XXE mode. The target's XML parser will fetch this URL.

About this tool

Generates SVG files with embedded XSS (script, onload, event handler) or XXE payloads for testing image upload and rendering pipelines.

Read documentation →