1471 | Bypassing CSP with dangling iframes | CSP bypass | Google, Mozilla | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-06-14 | 2023-06-13 |
1375 | Leveraging the SQL Injection to Execute the XSS by Evading CSP | CSP bypass, SQL injection, XSS | NA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2022-07-12 | 2023-06-13 |
1370 | Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP | XSS, CSP bypass, HTML injection | Microsoft | Numan Turle (@numanturle) | Bug Bounty | 2022-07-13 | 2023-06-13 |
1295 | Discord Desktop - Remote Code Execution | RCE, XSS, Sandbox bypass, CSP bypass | Discord | s1r1us (@s1r1u5_) | Bug Bounty | 2022-07-29 | 2023-06-13 |
702 | Not usual CSP bypass case | Unrestricted file upload, XSS, CSP bypass | NA | Karol Mazurek | Bug Bounty | 2022-12-12 | 2023-06-13 |
645 | Stored XSS vulnerability in Microsoft booking | Stored XSS, CSP bypass | Microsoft | Mrtechghost | Bug Bounty | 2022-12-27 | 2023-06-13 |
427 | Escaping misconfigured VSCode extensions | Path traversal, DNS rebinding, XSS, HTML injection, Webview, CSP bypass | Microsoft (SARIF viewer & Live Preview) | Vasco Franco | Bug Bounty | 2023-02-21 | 2023-06-13 |
147 | Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO | CSP bypass | Piwik | Gareth Heyes (@garethheyes) | Bug Bounty | 2023-04-28 | 2023-06-13 |
27 | Bypassing CSP via DOM clobbering | DOM Clobbering, CSP bypass | NA | Gareth Heyes (@garethheyes) | Bug Bounty | 2023-06-05 | 2023-06-13 |