3403 | The Frustrating XSS |
XSS |
NA |
Mr. Beast (@__mr_beast__) |
Bug Bounty | 2020-06-11 | 2023-06-13 |
3389 | Reflected User Input == XSS! |
Reflected XSS |
NA |
Silent Bronco (@silentbronco) |
Bug Bounty | 2020-06-15 | 2023-06-13 |
3384 | How I made more than $30K with Jolokia CVEs |
Reflected XSS
RCE
Information disclosure |
NA |
Patrik Fehrenbach (@ITSecurityguard) |
Bug Bounty | 2020-06-16 | 2023-06-13 |
3382 | A subtle stored-XSS in WordPress core |
Stored XSS
RCE |
WordPress |
Sam Thomas (@_s_n_t) |
Bug Bounty | 2020-06-17 | 2023-06-13 |
3374 | Simple story of some complicated XSS on Facebook |
Reflected XSS |
Meta / Facebook |
Bipin Jitiya (@win3zz) |
Bug Bounty | 2020-06-21 | 2023-06-13 |
3361 | An attempt to escalate a low-impact hidden input XSS |
XSS |
NA |
Ayush Ojha (@officialaimm) |
Bug Bounty | 2020-06-28 | 2023-06-13 |
3359 | How I hacked a bank their application using it for hacking another bank company — 10K XSS |
XSS |
NA |
hg_real (@hgreal1) |
Bug Bounty | 2020-06-28 | 2023-06-13 |
3354 | Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS |
Stored XSS |
Mail.ru |
kminthein / weev3 (@kyawminthein99) |
Bug Bounty | 2020-06-30 | 2023-06-13 |
3352 | Stored XSS with Password Recovery Page |
Stored XSS |
NA |
Lütfü Mert Ceylan (@lutfumertceylan) |
Bug Bounty | 2020-07-01 | 2023-06-13 |
3350 | Art of bug bounty: a way from JS file analysis to XSS |
XSS |
Verizon Media
Tumblr |
Jakub Żoczek (@zoczus) |
Bug Bounty | 2020-07-01 | 2023-06-13 |
3349 | Blast from the past: Cross Site Scripting on the AWS Console |
DOM XSS |
Amazon |
Johann Rehberger (wunderwuzzi23) |
Bug Bounty | 2020-07-01 | 2023-06-13 |
3337 | How I got hall of fame in Microsoft |
XSS |
Microsoft |
Akash basnet (@noneofyou007) |
Bug Bounty | 2020-07-04 | 2023-06-13 |
3336 | BBC Bug Bounty Write-up | XSS Vulnerability |
Reflected XSS |
BBC |
Pethuraj (@Pethuraj) |
Bug Bounty | 2020-07-05 | 2023-06-13 |
3328 | Issue 1040755: Security: Another "universal" XSS via copy&paste |
Universal XSS
Browser hacking |
Google (Chromium) |
Michał Bentkowski (@SecurityMB) |
Bug Bounty | 2020-07-06 | 2023-06-13 |
3324 | XSS in Zoom.us Signup Flow |
XSS |
Zoom |
Eduardo Vela (@sirdarckcat) |
Bug Bounty | 2020-07-07 | 2023-06-13 |
3316 | Tenda AC15 AC1900 Vulnerabilities Discovered and Exploited |
CSRF
XSS
Hardcoded credentials
RCE |
Tenda |
Sanjana Sarda |
Bug Bounty | 2020-07-10 | 2023-06-13 |
3315 | Don’t stop at one bug $$$$ |
Open redirect
XSS
LFI |
NA |
Dheeraj Madhukar (@Dheerajmadhukar) |
Bug Bounty | 2020-07-10 | 2023-06-13 |
3309 | Self stored xss to full account takeover |
XSS
Account takeover |
NA |
Jatin Aesthetic (@techyfreakk) |
Bug Bounty | 2020-07-12 | 2023-06-13 |
3306 | Exploiting Imported Libraries to Bypass WAF |
Reflected XSS |
NA |
Greg Gibson |
Bug Bounty | 2020-07-14 | 2023-06-13 |
3305 | Hunting postMessage Vulnerabilities |
postMessage
DOM XSS |
Apple
Google (Youtube)
Adobe |
Gary O'Leary-Steele (@garyoleary) |
Bug Bounty | 2020-07-14 | 2023-06-13 |
3291 | The $1,000 worth cookie |
XSS |
Mail.ru |
Jadek Mark (@mase289) |
Bug Bounty | 2020-07-19 | 2023-06-13 |
3269 | XSS, RCE & HTML File Upload in same endpoint |
XSS
RCE
Unrestricted file upload |
NA |
Tarikul Islam (@sa1tama0) |
Bug Bounty | 2020-07-29 | 2023-06-13 |
3253 | Look at what i found in Comodo |
Stored XSS
Reflected XSS |
Comodo |
Maor Dayan (@mord1234) |
Bug Bounty | 2020-08-03 | 2023-06-13 |
3244 | Stored XSS on Slack, Bug Bounty |
Stored XSS |
Slack |
Tommysuriel |
Bug Bounty | 2020-08-06 | 2023-06-13 |
3242 | Reflected XSS at fotoservice.hema.nl |
Reflected XSS
Open redirect |
Hema |
Jonathan Bouman (@JonathanBouman) |
Bug Bounty | 2020-08-06 | 2023-06-13 |