Serj Novoselov (@Novoselov_s)

Title	Vulnerabilities	Programs	Authors
Forced SSO Session Fixation	SSO Session Fixation Account Takeover	Undisclosed	Serj Novoselov (@Novoselov_s)
XML External Entity injection with error-based data exfiltration	XXE	Undisclosed	Serj Novoselov (@Novoselov_s)
XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover	OAuth XSS CSP Bypass Account Takeover	Undisclosed	Serj Novoselov (@Novoselov_s)
https://infosecwriteups.com/exploiting-incorrectly-configured-load-balancer-with-xss-to-steal-cookies-99d7cb6129d7	Load Balancer Host Header Injection XSS	Undisclosed	Serj Novoselov (@Novoselov_s)
Critical vulnerability on TP-Link service or how I got 0$	Account Verification Bypass IDOR Information Disclosure Account Takeover	TP-Link	Serj Novoselov (@Novoselov_s)

Page 1 of 1