Not usual CSP bypass case
CVE-2020-6519 - Chromium 83 Zero Day Full CSP Bypass Cross Platforms
Discord Desktop - Remote Code Execution
Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP
Leveraging the SQL Injection to Execute the XSS by Evading CSP
Bypassing CSP with dangling iframes
Bypass CSP Using WordPress By Abusing Same Origin Method Execution
[2/3] XSS Through The Front-Door @ GitLab
From Intigriti challenge to a Vue.js script gadget
The tale of CVE-2021–34479 (VSCode XSS)
Bug Bounty Stories #1: Tale of CSP bypass in an electron app!
Finding DOM Polyglot XSS in PayPal the Easy Way
XSS in the AWS Console
The beauty of chaining client-side bugs
Playing With iframes: Bypassing Content-Security-Policy
Content-Security-Policy Bypass to perform XSS using MIME sniffing
"Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams
Chains on Chains: Chaining multiple low-level vulns into a Critical.
My Hacking Adventures With Safari Reader Mode
CSP Bypass Vulnerability in Google Chrome Discovered - Almost Every Website In The World Was At Risk
Executing scripts in Safari Reader Mode to CSP Bypass
CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE
Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access
Get pwned by scanning QR Code
Bypassing CSP with policy injection