| ID | Title | Bugs | Program | Author | Type | Published | Added |
|---|---|---|---|---|---|---|---|
| 1606 | Open Redirection into Bentley System | XSS | Bentley Systems | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-21 | 2023-06-13 |
| 1605 | Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based XSS in Cloud-Native React Apps. | Open redirect, XSS | NA | MalwareJoe | Bug Bounty | 2022-04-21 | 2023-06-13 |
| 1596 | [EN] Privileged account creation via Mass Assignment towards a full compromise using a Stored XSS | Stored XSS, Mass assignment, Security code review | pass Culture | Aethlios (@AethliosIK) | Bug Bounty | 2022-04-26 | 2023-06-13 |
| 1588 | Sensitive Data Exfiltration through XSS ($450) | Token leak | NA | Zulfi Al-Farizi | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1567 | How I Paid For My Holiday With Bug Bounty | XSS, Broken Access Control, IDOR, Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1563 | ResolveURI RXSS Imperva Waf Bypass | XSS | NA | Ahsan Shahid (@hunter0x8) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1562 | The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | CSS injection, Clickjacking, Account takeover, XSS, Cookie bomb, Self-XSS, CSRF | NA | Renwa (@RenwaX23) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1551 | Hacking Swagger-UI - from XSS to account takeovers | DOM XSS, Account takeover | Shopify, Paypal, GitLab, Atlassian, Yahoo! / Verizon Media, Microsoft, Jamf | Dawid Moczadło (@kannthu1) | Bug Bounty | 2022-05-16 | 2023-06-13 |
| 1550 | Bypassing WAF to Weaponize a Stored XSS | Stored XSS | NA | ne555 | Bug Bounty | 2022-05-17 | 2023-06-13 |
| 1539 | Research: Auditing WordPress Plugins | SQL injection, LFI, XSS, RCE | NA | cy//ective (@cyllective) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1523 | How I made it into the United Nations hall of fame as I slept | XSS | United Nations | Vikaran (@vikaran101) | Bug Bounty | 2022-05-25 | 2023-06-13 |
| 1520 | 2nd RCE and XSS in Apache Struts before 2.5.30 | RCE, Double OGNL evaluation, XSS | Apache Struts | Chris (@mc_0wn) | Bug Bounty | 2022-05-25 | 2023-06-13 |
| 1516 | Bygone Vulnerabilities - Remote Code Execution in IBM Lotus SameTime Clients (CVE-2013-0553) | XSS, RCE | IBM | Brian (@hoyahaxa) | Bug Bounty | 2022-05-27 | 2023-06-13 |
| 1495 | An unusual way to find XSS injection in one minute | CSTI, XSS | TimeWeb | Andrey Onishchenko | Bug Bounty | 2022-06-07 | 2023-06-13 |
| 1477 | Hacking 6.5+ million websites => CVE-2022-29455 (Elementor) | XSS | NA | Rotem Bar (@rotembar) | Bug Bounty | 2022-06-12 | 2023-06-13 |
| 1465 | Automating reflected XSS with burp-suite Intruder | Reflected XSS | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1457 | XSS Blind Stored at Asset Domain Android Apps TikTok | Stored XSS | TikTok | Aidil Arief | Bug Bounty | 2022-06-16 | 2023-06-13 |
| 1447 | Every XSS is different | XSS | NA | Leonardo | Bug Bounty | 2022-06-20 | 2023-06-13 |
| 1444 | XSS Vulnerability in IBM Content Navigator (CVE-2020-4757) | XSS | IBM | Olivier Laflamme (@olivier_boschko) | Bug Bounty | 2022-06-21 | 2023-06-13 |
| 1438 | Filestack Upload Advisory Summary | XSS | Filestack | Carlos Yanez | Bug Bounty | 2022-06-23 | 2023-06-13 |
| 1412 | XSS Blind Stored at 2 Assets TikTok | XSS | TikTok | Aidil Arief | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1410 | Bypassing Firefox's HTML Sanitizer API | XSS | Mozilla | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1409 | Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908) | RCE, XSS | Microsoft | s1r1us (@s1r1u5_) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1400 | We Hacked Larksuite For 1 month and Here is what we found | XSS, IDOR, Privilege escalation, Broken Access Control, CSRF, 40x bypass | Lark Technologies | Snap Sec (@snap_sec) | Bug Bounty | 2022-07-04 | 2023-06-13 |