Gareth Heyes (@Garethheyes)

Title	Vulnerabilities	Programs	Authors
Splitting the email atom: exploiting parsers to bypass access controls	Web Cache Poisoning Web Cache Deception	Undisclosed	Gareth Heyes (@Garethheyes)
Blind CSS Exfiltration: exfiltrate unknown web pages	Blind CSS Exfiltration Blind HTML Injection	Undisclosed	Gareth Heyes (@Garethheyes)
Exploiting XSS in hidden inputs and meta tags	XSS	Undisclosed	Gareth Heyes (@Garethheyes)
Bypassing CSP via DOM clobbering	DOM Clobbering CSP Bypass	Undisclosed	Gareth Heyes (@Garethheyes)
Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO	CSP Bypass	PortSwigger Piwik	Gareth Heyes (@Garethheyes)
Exploiting prototype pollution in Node without the filesystem	Server-Side Prototype Pollution RCE	Undisclosed	Gareth Heyes (@Garethheyes)
Server-side prototype pollution: Black-box detection without the DoS	Server-Side Prototype Pollution RCE	Undisclosed	Gareth Heyes (@Garethheyes)
Stealing passwords from infosec Mastodon - without bypassing CSP	HTML Injection	Mastodon Infosec.exchange	Gareth Heyes (@Garethheyes)
Safari is hot-linking images to semi-random websites	Browser Hacking XSS	Apple	Gareth Heyes (@Garethheyes)
Using Hackability to uncover a Chrome infoleak	SOP Bypass	Google	Gareth Heyes (@Garethheyes)
Bypassing Firefox's HTML Sanitizer API	XSS	Mozilla	Gareth Heyes (@Garethheyes)
Widespread prototype pollution gadgets	Prototype Pollution	Undisclosed	Gareth Heyes (@Garethheyes)
Bypassing CSP with dangling iframes	CSP Bypass	Google Mozilla	Gareth Heyes (@Garethheyes)
Finding DOM Polyglot XSS in PayPal the Easy Way	DOM XSS CSP Bypass	Paypal	Gareth Heyes (@Garethheyes)
Bypassing CSP with policy injection	CSP Bypass	Paypal	Gareth Heyes (@Garethheyes)
XSS in hidden input fields	XSS	Undisclosed	Gareth Heyes (@Garethheyes) Liam (@MetalF0X)
XSS without HTML: Client-Side Template Injection with AngularJS	CSTI XSS	Google	Gareth Heyes (@Garethheyes)

Page 1 of 1