5150 | Xss filter bypass in Yahoo dev.flurry.com |
XSS |
Yahoo! / Verizon Media |
Shubham Gupta (@hackerspider1) |
Bug Bounty | 2016-07-31 | 2023-06-13 |
5149 | Swf XSS (Dom Based Xss) |
Flash XSS
DOM XSS |
Ubiquiti Networks |
Shubham Gupta (@hackerspider1) |
Bug Bounty | 2016-07-31 | 2023-06-13 |
5145 | Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded |
XSS |
Uber |
- |
Bug Bounty | 2016-08-29 | 2023-06-13 |
5141 | Internet Explorer has a URL problem |
OAuth
RPO
XSS |
GitHub
Google |
File Descriptor (@filedescriptor) |
Bug Bounty | 2016-09-06 | 2023-06-13 |
5138 | Bug Bounty : Account Takeover Vulnerability POC |
OAuth
Account takeover
XSS |
NA |
Rakesh Mane (@RakeshMane10) |
Bug Bounty | 2016-09-16 | 2023-06-13 |
5134 | Persisting on Pornhub |
Stored XSS |
PornHub |
Andy Gill (@ZephrFish) |
Bug Bounty | 2016-09-23 | 2023-06-13 |
5133 | XSS Vulnerability in Twitter [https://twitter.com] (Write Up) |
XSS |
Twitter |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2016-09-26 | 2023-06-13 |
5132 | gif it time it'll come to you - Finding More Holes in The Hub |
XSS |
PornHub |
Andy Gill (@ZephrFish) |
Bug Bounty | 2016-10-01 | 2023-06-13 |
5123 | Stored XSS in UniFi v4.8.12 Controller |
Stored XSS |
Ubiquiti Networks |
Shubham Gupta (@hackerspider1) |
Bug Bounty | 2016-11-12 | 2023-06-13 |
5122 | Svg XSS in Unifi v5.0.2 |
Stored XSS |
Ubiquiti Networks |
Shubham Gupta (@hackerspider1) |
Bug Bounty | 2016-11-13 | 2023-06-13 |
5121 | Bypassing Ebay XSS Protection to launch XSS by Nirmal Dahal |
Reflected XSS |
Ebay |
Nirmal Dahal (@TheNittam) |
Bug Bounty | 2016-11-18 | 2023-06-13 |
5116 | Cross-site-scripting on one of the largest Dutch franchisors |
DOM XSS |
Hema |
Tijme Gommers (@tijme) |
Bug Bounty | 2016-12-20 | 2023-06-13 |
5115 | Stealing passwords from McDonald's users |
Reflected XSS
AngularJS sandbox bypass |
McDonalds |
Tijme Gommers (@tijme) |
Bug Bounty | 2017-01-09 | 2023-06-13 |
5103 | Lightweight markup: a trio of persistent XSS in GitLab |
Stored XSS |
GitLab |
Yasin Soliman (@SecurityYasin) |
Bug Bounty | 2017-02-15 | 2023-06-13 |
5101 | From RSS to XXE: feed parsing on Hootsuite |
XSS
XXE |
Hootsuite |
Yasin Soliman (@SecurityYasin) |
Bug Bounty | 2017-02-17 | 2023-06-13 |
5096 | One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved. |
Stored XSS
Blind XSS
CSRF
Account takeover
IDOR |
NA |
Zseano (@zseano) |
Bug Bounty | 2017-02-25 | 2023-06-13 |
5092 | Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities |
XSS
CSP bypass |
Airbnb |
Brett Buerhaus (@bbuerhaus) |
Bug Bounty | 2017-03-08 | 2023-06-13 |
5090 | How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) |
XSS |
Google |
Marin Moulinier |
Bug Bounty | 2017-03-09 | 2023-06-13 |
5086 | Penetrating PornHub – XSS vulns galore (plus a cool shirt!) |
XSS |
PornHub |
Jon Bottarini (@jon_bottarini) |
Bug Bounty | 2017-03-16 | 2023-06-13 |
5085 | Near universal XSS in McAfee Web Gateway |
XSS |
McAfee |
Olivier Arteau |
Bug Bounty | 2017-03-17 | 2023-06-13 |
5074 | A pair of Plotly bugs: Stored XSS and AWS Metadata SSRF |
Stored XSS
SSRF |
Plotly |
Yasin Soliman (@SecurityYasin) |
Bug Bounty | 2017-05-25 | 2023-06-13 |
5073 | Pivoting from blind SSRF to RCE with HashiCorp Consul |
Blind XSS
RCE |
NA |
Peter Adkins (@darkarnium) |
Bug Bounty | 2017-05-29 | 2023-06-13 |
5072 | XSS on Google{5.000$}-Google Vulnerability Reward Program (VRP) |
Stored XSS |
Google |
- |
Bug Bounty | 2017-05-30 | 2023-06-13 |
5068 | DOM Based XSS In Microsoft |
DOM XSS |
Microsoft |
Rafay Baloch (@rafaybaloch) |
Bug Bounty | 2017-06-01 | 2023-06-13 |
5065 | Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera |
Stored XSS
CSRF
Clickjacking |
Opera |
Rafay Baloch (@rafaybaloch) |
Bug Bounty | 2017-06-01 | 2023-06-13 |