| 2023 Starlink Router Gen 2 XSS |
|
|
|
| Uncovering a crazy privilege escalation from Chrome extensions |
|
|
|
| DOM-based race condition: racing in the browser for fun |
|
|
|
| XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover |
|
|
|
| You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities |
|
|
|
| crewjam/saml - IdP XSS Via Missing Binding Syntax Validation In ACS Location |
|
|
|
| 403 Forbidden? No Problem, Here’s a POST XSS |
|
|
|
| 2023 Microsoft Office XSS |
|
|
|
| Discovering 7 Open Redirect Bypasses and 3 XSS Bypasses Within a Single Program Using the Same Parameters |
|
|
|
| How 2 Cute Bugs offered me a reward of 650€ |
|
|
|
| Remote Code Execution in Tutanota Desktop due to Code Flaw |
|
|
|
| challenge writeup content-type shenanigans |
|
|
|
| Blog: OmniSpace, from automated 0day XSS to RCE |
|
|
|
| Code Vulnerabilities Put Skiff Emails at Risk |
|
|
|
| Account hijack for anyone using Google sign-in with , due to response-type switch + leaking href to XSS on login.redacted.com |
|
|
|
| Single XSS with Earn $600 |
|
|
|
| Code Vulnerabilities Put Proton Mails at Risk |
|
|
|
| Hacking GTA V RP Servers Using Web Exploitation Techniques |
|
|
|
| Google Extensions (Awarded $18833.7) |
|
|
|
| Anchor Tag XSS Exploitation in Firefox with Target=”_blank” |
|
|
|
| How I Hacked Microsoft Teams and got $150,000 in Pwn2Own |
|
|
|
| Access of Android protected components via embedded intent | Android App Pentesting |
|
|
|
| A Tale of OG XSS |
|
|
|
| The Buffer Curse: A tale of unusual exploitation in Web Application |
|
|
|
| https://infosecwriteups.com/exploiting-incorrectly-configured-load-balancer-with-xss-to-steal-cookies-99d7cb6129d7 |
|
|
|
writeups.xyz
/
XSS