Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN

Type confusion attacks in ProseMirror editors

Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode

Exfiltrating Data from Sandboxed Documents

The story of exposed service, SSRF, CSP bypass and credentials stealing via XSS

We Hacked Google A.I. for $50,000

Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild

CSP bypass on PortSwigger.net using Google script resources

XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

“MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser

XSS to OAuth access token leak in office online which can be used to account takeover

Hacking Google Bard - From Prompt Injection to Data Exfiltration

XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover

Remote Code Execution in Tutanota Desktop due to Code Flaw

Code Vulnerabilities Put Skiff Emails at Risk

Code Vulnerabilities Put Proton Mails at Risk

ATO | How I exploited security issue to take over admin account

The Buffer Curse: A tale of unusual exploitation in Web Application

Linux local electron application script-src: self bypass

Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API

Kanboard - Spraying Malicious Tasks Across all Projects

Bypassing CSP via DOM clobbering

Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO

Escaping misconfigured VSCode extensions

Stored XSS vulnerability in Microsoft booking