| 5197 | XSS without HTML: Client-Side Template Injection with AngularJS |
CSTI
XSS |
Google |
Gareth Heyes (@garethheyes) |
Bug Bounty | 2016-01-27 | 2023-06-13 |
| 4892 | Reflected XSS via AngularJS Template Injection |
Reflected XSS
CSTI |
Hostinger |
Taha Ibrahim Draidia |
Bug Bounty | 2018-01-17 | 2023-06-13 |
| 3534 | The Secret sauce of bug bounty |
CSTI
Stored XSS
CORS misconfiguration |
NA |
Mohamed Slamat (@oxxy37) |
Bug Bounty | 2020-04-22 | 2023-06-13 |
| 3507 | Reflected XSS on Microsoft.com via Angular Js template injection |
CSTI
XSS |
Microsoft |
Pratik Dabhi (@impratikdabhi) |
Bug Bounty | 2020-05-02 | 2023-06-13 |
| 2981 | "Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams |
RCE
Stored XSS
CSP bypass
CSTI |
Microsoft |
Oskars Vegeris |
Bug Bounty | 2020-12-07 | 2023-06-13 |
| 2740 | Leveraging Template injection to takeover an account. |
CSTI
XSS |
NA |
Akash Methani (@0xAkash) |
Bug Bounty | 2021-03-04 | 2023-06-13 |
| 2638 | How I earned $$$$ through Stored XSS |
Stored XSS
CSTI |
NA |
Harish |
Bug Bounty | 2021-04-16 | 2023-06-13 |
| 2519 | The beauty of chaining client-side bugs |
CRLF injection
XSS
CSP bypass
DoS
CSTI |
NA |
Master SEC (@MasterSEC_AR) |
Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2507 | XSS in the AWS Console |
XSS
CSP bypass
CSTI |
AWS |
Nick Frichette (@frichette_n) |
Bug Bounty | 2021-06-02 | 2023-06-13 |
| 2072 | Finding Zero-Day Vulnerabilities in the Supply Chain |
CSTI
Signature bypass |
Adaxes |
Roni Carta (@0xLupin) |
Bug Bounty | 2021-11-16 | 2023-06-13 |
| 1923 | C.S.T.I Lead To Account Takeover $$$ |
CSTI
Account takeover |
NA |
M7.Arman (@ArmanSecurity) |
Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1495 | An unusual way to find XSS injection in one minute |
CSTI
XSS |
TimeWeb |
Andrey Onishchenko |
Bug Bounty | 2022-06-07 | 2023-06-13 |
| 1228 | XSS via Angular Template Injection |
CSTI
XSS
WAF bypass |
NA |
Bartłomiej Bergier (@_bergee_) |
Bug Bounty | 2022-08-13 | 2023-06-13 |
| 1142 | AngularJS Client-Side Template Injection: The orderBy Filter. |
CSTI |
NA |
Jay |
Bug Bounty | 2022-09-01 | 2023-06-13 |
| 1035 | Stored XSS in Nvidia via Angular JS template injection |
CSTI
Stored XSS |
Nvidia |
Mohamed Abdelhady |
Bug Bounty | 2022-09-25 | 2023-06-13 |
| 934 | FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer |
CSTI
Stored XSS |
Microsoft |
Lidor Ben Shitrit |
Bug Bounty | 2022-10-19 | 2023-06-13 |
| 185 | Popping Tags: Exploiting Template Injections in PRTG Network Monitor |
Reflected XSS
CSTI |
Paessler |
Peter Szot |
Bug Bounty | 2023-04-18 | 2023-06-13 |
