PostMessage | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Security and Privacy of Social Logins (II): PostMessage Security in Single Sign-On	PostMessage DOM XSS	SAP The New York Times CNET	Louis Jannett (@Iphoneintosh)
Bad regex used in Facebook Javascript SDK leads to account takeovers in websites that included it	Account Takeover HTTP Parameter Pollution PostMessage	Meta / Facebook	Youssef Sammouda (@Samm0uda)
[Google VRP] Hijacking Google Docs Screenshots	PostMessage XSS	Google	Sreeram KL (@Kl_sree)
Facebook DOM Based XSS using postMessage	DOM XSS PostMessage	Meta / Facebook	Youssef Sammouda (@Samm0uda)
Hunting postMessage Vulnerabilities	PostMessage DOM XSS	Apple Google (Youtube) Adobe	Gary O'Leary-Steele (@Garyoleary) Graham Bacon
Account takeover via postMessage	Account Takeover PostMessage	Undisclosed	Socket (@Yxw21)
Exploiting post message to steal and replace user’s cookies	PostMessage	Undisclosed	Yasser Gersy (@Yassergersy)
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token	PostMessage Violation of Secure Design Principles	Slack	Frans Rosén (@Fransrosen)

Page 2 of 2