| 3525 | Fun With CORS Misconfiguration — II |
CORS misconfiguration
XSS |
NA |
Aman Gupta (@gupt4j1) |
Bug Bounty | 2020-04-25 | 2023-06-13 |
| 3474 | Cors Blimey: The power of chaining CORS |
CORS misconfiguration
Stored XSS
CSRF |
NA |
Hazana (@hazanasec) |
Bug Bounty | 2020-05-17 | 2023-06-13 |
| 3338 | EN | Account Takeover and Sensitive Data Leakage via CORS Misconfiguration |
CORS misconfiguration
CSRF
Account takeover |
NA |
Lütfü Mert Ceylan (@lutfumertceylan) |
Bug Bounty | 2020-07-04 | 2023-06-13 |
| 2945 | Chaining CORS by Reflected xss to Account takeover #My first Blog |
CORS misconfiguration
Reflected XSS
Account takeover |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2842 | Stealing Chat session ID with CORS and execute CSRF attack |
CSRF
CORS misconfiguration |
NA |
Sunil Yedla (@sunilyedla2) |
Bug Bounty | 2021-02-02 | 2023-06-13 |
| 2748 | Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure |
CORS misconfiguration
Information disclosure |
NA |
Harsh Parekh (@notmarshmllow) |
Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2681 | Missing CORS leads to Complete Account Takeover |
Missing CORS
CSRF
Account takeover |
NA |
Niraj Modi (@nirajmodi51) |
Bug Bounty | 2021-03-30 | 2023-06-13 |
| 2531 | CORS misconfig that worths USD200 |
CORS misconfiguration |
NA |
MikeChan |
Bug Bounty | 2021-05-23 | 2023-06-13 |
| 1928 | Cross-Origin Resource Sharing (CORS) Misconfiguration leads to User’s PII leaks. |
CORS misconfiguration |
NA |
Tarikul Islam (@sa1tama0) |
Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1104 | Fun With CORS |
CORS misconfiguration
Token leak |
NA |
Talis Ozols |
Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1021 | The forgotten IPFS vulnerabilities |
Web3 hacking
Path traversal
CORS misconfiguration
HTML injection |
Filecoin Security |
tintinweb |
Bug Bounty | 2022-09-28 | 2023-06-13 |
| 854 | Compromising Plesk Via Its REST API |
CORS misconfiguration
CSRF |
Plesk |
Adrian Tiron (@Adrian__T) |
Bug Bounty | 2022-11-08 | 2023-06-13 |
| 774 | Exploiting CORS Misconfigurations |
CORS misconfiguration
CSRF
XST |
Apple
Google
Mozilla (Firefox)
WHATWG |
scarlet / attack ships on fire |
Bug Bounty | 2022-11-26 | 2023-06-13 |
| 718 | CORS Misconfig on Out of scope domain Bug Bounty Writeup (300 USD Reward ) |
CORS misconfiguration |
NA |
Eagle_92 |
Bug Bounty | 2022-12-08 | 2023-06-13 |
| 684 | Simple CORS misconfig leads to disclose the sensitive token worth of $$$ |
CORS misconfiguration
Token leak |
Linear |
Ramalingasamy |
Bug Bounty | 2022-12-16 | 2023-06-13 |
| 625 | Bypass firewalls with of-CORs and typo-squatting |
CORS misconfiguration |
Tesla |
Chris Grayson |
Bug Bounty | 2023-01-02 | 2023-06-13 |
| 623 | Vue JS Reflected XSS |
Reflected XSS
Blind XSS
CORS misconfiguration
UI redressing |
NA |
sid0krypt (@Siddhar07949650) |
Bug Bounty | 2023-01-03 | 2023-06-13 |
| 614 | Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability |
CORS misconfiguration |
Google |
Borna Nematzadeh (@LogicalHunter) |
Bug Bounty | 2023-01-06 | 2023-06-13 |
| 569 | EmojiDeploy: Smile! Your Azure web service just got RCE’d ._. |
RCE
Cloud
CSRF
CORS misconfiguration |
Microsoft (Azure) |
Liv Matan (@terminatorLM) |
Bug Bounty | 2023-01-19 | 2023-06-13 |
| 553 | How i Hacked Scopely with “Sign in with Google” |
Account takeover
CORS misconfiguration
Client-side enforcement of server-side security
OAuth |
Scopely |
Ph.Hitachi |
Bug Bounty | 2023-01-23 | 2023-06-13 |
| 455 | Bypassing CORS configurations to produce an Account Takeover for Fun and Profit |
CORS misconfiguration
Account takeover |
NA |
Josh Fam (@Pullerze) |
Bug Bounty | 2023-02-13 | 2023-06-13 |
| 122 | A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… |
postMessage
JSONP
DOM XSS
CORS misconfiguration
CSRF
WAF bypass |
NA |
Julien Cretel (@jub0bs) |
Bug Bounty | 2023-05-05 | 2023-06-13 |
