| 5085 | Near universal XSS in McAfee Web Gateway |
XSS |
McAfee |
Olivier Arteau |
Bug Bounty | 2017-03-17 | 2023-06-13 |
| 4733 | Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper |
DOM XSS
Universal XSS
Clickjacking
Browser extension hacking |
NA |
Matthew Bryant (@IAmMandatory) |
Bug Bounty | 2018-06-08 | 2023-06-13 |
| 3965 | Kaspersky in the Middle – what could possibly go wrong? |
Clickjacking
Universal XSS
MiTM |
Kaspersky |
Wladimir Palant (@WPalant) |
Bug Bounty | 2019-08-19 | 2023-06-13 |
| 3576 | CVE-2019-17004—Semi Universal XSS affecting Firefox for iOS |
Universal XSS |
Mozilla
Brave Software |
cliqz (@cliqz) |
Bug Bounty | 2020-03-30 | 2023-06-13 |
| 3518 | Indirect UXSS issue on a private Android target app |
Universal XSS |
NA |
Kunal pandey (@kunalp94) |
Bug Bounty | 2020-04-29 | 2023-06-13 |
| 3328 | Issue 1040755: Security: Another "universal" XSS via copy&paste |
Universal XSS
Browser hacking |
Google (Chromium) |
Michał Bentkowski (@SecurityMB) |
Bug Bounty | 2020-07-06 | 2023-06-13 |
| 3165 | Universal XSS in Android WebView (CVE-2020-6506) |
Universal XSS |
Google
Microsoft
Twitter |
Alesandro Ortiz (@AlesandroOrtizR) |
Bug Bounty | 2020-09-10 | 2023-06-13 |
| 3040 | Evernote: Universal-XSS, theft of all cookies from all sites, and more |
Universal XSS |
Evernote |
Oversecured (@OversecuredInc) |
Bug Bounty | 2020-11-12 | 2023-06-13 |
| 2477 | How We Are Able To Hack Any Company By Sending Message – $20,000 Bounty [CVE-2021–34506] |
Universal XSS |
Microsoft |
Shivam Kumar Singh (@MrRajputHacker) |
Bug Bounty | 2021-06-15 | 2023-06-13 |
| 2468 | How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506] |
Universal XSS |
Microsoft |
Vansh Devgan (@Th3Pr0xyB0y) |
Bug Bounty | 2021-06-18 | 2023-06-13 |
| 1892 | Hacking the Apple Webcam (again) |
Universal XSS
Browser hacking |
Apple |
Ryan Pickren |
Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1052 | Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library |
Universal XSS
SSRF
Open redirect
Web cache poisoning |
Netlify
Gemini
PancakeSwap
Docusign
Moonpay
Celo |
Sam Curry (@samwcyo) |
Bug Bounty | 2022-09-21 | 2023-06-13 |
| 937 | Scan QR Code and Got Hacked (CVE-2021–43530 : UXSS on Firefox Android Version) |
Universal XSS
Android |
Mozilla |
hafiizh |
Bug Bounty | 2022-10-19 | 2023-06-13 |
