3495 | DOM-Based XSS at accounts.google.com by Google Voice Extension. |
DOM XSS |
Google |
missoum1307 (@missoum1307) |
Bug Bounty | 2020-05-07 | 2023-06-13 |
3494 | I Found XSS Security Flaws in Rails – Here's What Happened. |
XSS |
Ruby on Rails |
Jesse Campos |
Bug Bounty | 2020-05-07 | 2023-06-13 |
3493 | $20000 Facebook DOM XSS |
DOM XSS |
Meta / Facebook |
Vinoth Kumar (@vinodsparrow) |
Bug Bounty | 2020-05-07 | 2023-06-13 |
3491 | Bypass XSS filter using HTML Escape |
XSS |
Google |
Syahri Ramadan (@adonkidz7) |
Bug Bounty | 2020-05-08 | 2023-06-13 |
3482 | How I got my first swag on Edmodo with a simple XSS. |
Stored XSS |
Edmodo |
Sanjay Verdu (@codersanjay) |
Bug Bounty | 2020-05-16 | 2023-06-13 |
3480 | Chained Bugs [ Account TakeOver ] |
IDOR
XSS
Account takeover |
NA |
Bilal Khan (@bilalmerokhel) |
Bug Bounty | 2020-05-16 | 2023-06-13 |
3477 | One Param => $10k |
IDOR
XSS
Account takeover |
NA |
Bilal Khan (@bilalmerokhel) |
Bug Bounty | 2020-05-17 | 2023-06-13 |
3476 | Stored XSS Leads to Plaintext Password Disclosure |
Stored XSS
Information disclosure
Unrestricted file upload |
NA |
bad5ect0r (@bad5ect0r) |
Bug Bounty | 2020-05-17 | 2023-06-13 |
3474 | Cors Blimey: The power of chaining CORS |
CORS misconfiguration
Stored XSS
CSRF |
NA |
Hazana (@hazanasec) |
Bug Bounty | 2020-05-17 | 2023-06-13 |
3461 | Parsing the DOM elements of Other pages via XSS: A Bug Bounty Story |
XSS
Information disclosure |
NA |
Mandeep Jadon (@1337tr0lls) |
Bug Bounty | 2020-05-22 | 2023-06-13 |
3458 | Story About OTP Bypass To Stored XSS |
OTP bypass
Stored XSS |
NA |
PJ Borah (@PJBorah1) |
Bug Bounty | 2020-05-23 | 2023-06-13 |
3455 | Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client |
XXE
Reflected XSS |
Uber |
Niv Levy (@restr1ct3d) |
Bug Bounty | 2020-05-27 | 2023-06-13 |
3453 | Stored XSS in Yahoo mail IOS app($3500) |
Stored XSS |
Yahoo! / Verizon Media |
kminthein / weev3 (@kyawminthein99) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3452 | Stored XSS in Microsoft outlook |
Stored XSS |
Microsoft |
kminthein / weev3 (@kyawminthein99) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3451 | iOS Outlook Stored XSS Write-Up($3000) |
XSS |
Microsoft |
kminthein / weev3 (@kyawminthein99) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3447 | Bypassing WAF to perform XSS |
XSS |
NA |
Kleiton Kurti (@kleiton0x7e) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3446 | XSS Stored On Messages In [ Outlook Web — Outlook Android App ] |
Stored XSS |
Microsoft |
ElMahdi Mrhassel (@ElMrhassel) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3438 | Cross-site scripting: The power of the hidden parameters. |
Reflected XSS |
Sony |
Kassih Mouhssine (@KassihMouhssine) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3432 | How I leveraged an interesting CSRF vulnerability to turn self XSS into a persistent attack? |
Self-XSS
CSRF |
NA |
Akash Methani (@0xAkash) |
Bug Bounty | 2020-06-01 | 2023-06-13 |
3431 | Information disclosure and reflected XSS on Tokopedia |
Reflected XSS
Information disclosure |
Tokopedia |
wis4nggeni |
Bug Bounty | 2020-06-01 | 2023-06-13 |
3429 | Double URL-encoded XSS |
Reflected XSS |
NA |
vict0ni (@vict0ni) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3428 | The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers |
XSS |
Google
Mozilla |
Michał Bentkowski (@SecurityMB) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3426 | From CRLF to Account Takeover |
CRLF injection
HTTP response splitting
Reflected XSS
Account takeover |
NA |
Valeriy Shevchenko (@Krevetk0Valeriy) |
Bug Bounty | 2020-06-03 | 2023-06-13 |
3419 | Local file read via XSS using PDF generate functionality |
XSS
LFI |
NA |
Sanjay Singh Jhala (@lordjerry0x01) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
3415 | XSS to Database Credential Leakage & Database Access — Story of total luck! |
Reflected XSS
Information disclosure |
NA |
Harsh Bothra (@harshbothra_) |
Bug Bounty | 2020-06-06 | 2023-06-13 |