1229 | Remote Code Execution on Element Desktop Application using Node Integration in Sub Frames Bypass - CVE-2022-23597 | RCE, XSS | Matrix (Element) | s1r1us (@s1r1u5_) | Bug Bounty | 2022-08-13 | 2023-06-13 |
1228 | XSS via Angular Template Injection | CSTI, XSS, WAF bypass | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-08-13 | 2023-06-13 |
1225 | URL filter bypass, RFI and XSS | Stored XSS, RFI | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-08-14 | 2023-06-13 |
1224 | The forgotten API and XSS filter bypass | XSS | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-08-14 | 2023-06-13 |
1223 | Five-minute hunting for hidden XSS | Reflected XSS | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-08-15 | 2023-06-13 |
1210 | RCE on Spip and Root-Me, v2! | RCE, SSTI, DNS rebinding, XSS, Code injection, Unrestricted file upload | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2022-08-16 | 2023-06-13 |
1208 | N/a to $750 bounty for a Blind XSS. | Blind XSS | NA | Dirtycoder (@dirtycoder0124) | Bug Bounty | 2022-08-18 | 2023-06-13 |
1207 | You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications | XSS, SMTP injection | VMware, Synology, Apple, Microsoft, Google, NextCloud | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-08-18 | 2023-06-13 |
1201 | Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera Recordings | XSS, iOS, Android | Amazon | David Sopas (@dsopas) | Bug Bounty | 2022-08-18 | 2023-06-13 |
1170 | My Hall of Fame at United Nations Success Story | XSS | United Nations | Joshua Arulsamy (@Joshua_Arulsamy) | Bug Bounty | 2022-08-27 | 2023-06-13 |
1164 | How I found reflected XSS on IDFC Bank with burp-suite Intruder | Reflected XSS | IDFC Bank | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-08-28 | 2023-06-13 |
1162 | How I bypassed Reflected XSS in well-known platform | XSS | NA | Iori Yagami | Bug Bounty | 2022-08-29 | 2023-06-13 |
1161 | Bypassing Amazon WAF to pop an alert() | WAF bypass, XSS | NA | Manash (@manash036) | Bug Bounty | 2022-08-29 | 2023-06-13 |
1151 | HTMLI/XSS - Crafting a better PoC | XSS, HTML injection | NA | RiotSecurityTeam (@RiotSecTeam) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1148 | How reading robots.txt file got me 4 XSS reports ? | XSS | NA | Ahmed Qaramany (@c0nqr0r) | Bug Bounty | 2022-08-31 | 2023-06-13 |
1137 | Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique) | Web cache poisoning, XSS, DoS | Glassdoor | Harel (@h4r3l) | Bug Bounty | 2022-09-02 | 2023-06-13 |
1124 | Turning cookie based XSS into account takeover | XSS, Account takeover | Terrahost | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-09-06 | 2023-06-13 |
1115 | How I found Moodle Cross site scripting | XSS | Moodle | ParagBagul | Bug Bounty | 2022-09-07 | 2023-06-13 |
1113 | How I found 3 RXSS on the Lululemon bug bounty program | XSS | lululemon | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-07 | 2023-06-13 |
1111 | $900 Blind XSS | Blind XSS | NA | ѕнín (@shinchina_) | Bug Bounty | 2022-09-07 | 2023-06-13 |
1092 | Bug Bounty - Cross-site request forgery is a thing | CSRF, XSS | NA | Patrick Hener (@C1sc01) | Bug Bounty | 2022-09-12 | 2023-06-13 |
1087 | Blind XSS and Time-Based SQL Injection to Admin Panel Control and Database Takeover | Blind XSS, SQL injection | NA | Cyberali | Bug Bounty | 2022-09-13 | 2023-06-13 |
1056 | Parameters in Lambda Functions that lead to XSS and Injection | XSS, Serverless | AWS | Teri Radichel (@TeriRadichel) | Bug Bounty | 2022-09-20 | 2023-06-13 |
1052 | Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library | Universal XSS, SSRF, Open redirect, Web cache poisoning | Netlify, Gemini, PancakeSwap, Docusign, Moonpay, Celo | Sam Curry (@samwcyo) | Bug Bounty | 2022-09-21 | 2023-06-13 |
1045 | My First XSS | Open redirect, XSS | NA | Avyukt Syrine (@AvyuktSyrine) | Bug Bounty | 2022-09-23 | 2023-06-13 |