5060 | Let’s steal some tokens! |
CSRF
XSS
Account takeover |
Google
Shopify |
Mahmoud Gamal (@Zombiehelp54) |
Bug Bounty | 2017-06-11 | 2023-06-13 |
5059 | Godaddy XSS affects parked domains redirector/processor! |
Reflected XSS |
GoDaddy |
Mohamed A. Baset |
Bug Bounty | 2017-06-11 | 2023-06-13 |
5057 | XSS on Bugcrowd and so many other website’s main Domain |
Reflected XSS |
Bugcrowd |
Bull (@v0sx9b) |
Bug Bounty | 2017-06-14 | 2023-06-13 |
5054 | How I Built An XSS Worm On Atmail |
XSS |
Atmail |
Jake Miller |
Bug Bounty | 2017-06-23 | 2023-06-13 |
5052 | Stored XSS in the heart of the Russian email provider giant (Mail.ru) |
Stored XSS |
Mail.ru |
Seif Elsallamy (@seifelsallamy) |
Bug Bounty | 2017-06-24 | 2023-06-13 |
5049 | CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System |
Reflected XSS |
SimpleRisk |
Mohamed A. Baset |
Bug Bounty | 2017-06-28 | 2023-06-13 |
5048 | Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read |
XSS
SSRF
LFI |
NA |
Brett Buerhaus (@bbuerhaus) |
Bug Bounty | 2017-06-29 | 2023-06-13 |
5045 | Stored XSS in Bandcamp |
Stored XSS |
Bandcamp |
Corben Leo (@hacker_) |
Bug Bounty | 2017-06-30 | 2023-06-13 |
5044 | Making an XSS triggered by CSP bypass on Twitter. |
XSS
CSP bypass |
Twitter |
tbmnull |
Bug Bounty | 2017-07-06 | 2023-06-13 |
5042 | Managed Apps and Music: a tale of two XSSes in Google Play |
XSS |
Google |
Yasin Soliman (@SecurityYasin) |
Bug Bounty | 2017-07-07 | 2023-06-13 |
5041 | Medium Content Spoofing Leads to XSS |
Content spoofing
Stored XSS |
Medium |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2017-07-08 | 2023-06-13 |
5040 | Coinbase AngularJS DOM XSS via Kiteworks |
DOM XSS |
Coinbase |
Paulos Yibelo (@PaulosYibelo) |
Bug Bounty | 2017-07-08 | 2023-06-13 |
5038 | XSS by tossing cookies |
XSS
Cookie tossing |
Microsoft
Twitter |
WeSecureApp (@wesecureapp) |
Bug Bounty | 2017-07-10 | 2023-06-13 |
5037 | How we tookover shopify accounts with one single click |
Stored XSS |
Shopify |
WeSecureApp (@wesecureapp) |
Bug Bounty | 2017-07-10 | 2023-06-13 |
5029 | Xss using dynamically generated js file |
XSS |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-19 | 2023-06-13 |
5028 | That Escalated Quickly : From partial CSRF to reflected XSS to complete CSRF to Stored XSS |
CSRF
Reflected XSS
Stored XSS |
NA |
Mandeep Jadon (@1337tr0lls) |
Bug Bounty | 2017-07-19 | 2023-06-13 |
5026 | Self XSS to Good XSS Clickjacking |
XSS
Clickjacking |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-20 | 2023-06-13 |
5023 | How i was able to bypass strong xss protection in well known website. (imgur.com) |
XSS |
Imgur |
Armaan Pathan (@armaancrockroax) |
Bug Bounty | 2017-07-21 | 2023-06-13 |
5020 | Stored XSS on Rockstar Game |
XSS |
Rockstar Games |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-26 | 2023-06-13 |
5017 | How we invented the Tesla DOM DOOM XSS |
DOM XSS |
Tesla |
Detectify Labs |
Bug Bounty | 2017-07-27 | 2023-06-13 |
5016 | Cracking the lens: targeting HTTP's hidden attack-surface |
Reflected XSS
SSRF |
Yahoo! / Verizon Media
BT
New Relic |
James Kettle (@albinowax) |
Bug Bounty | 2017-07-27 | 2023-06-13 |
5014 | Referer Based XSS |
XSS |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-30 | 2023-06-13 |
5011 | XSS Because of wrong Content-type Header |
XSS |
Internshala |
Noman Shaikh (@nomanali181) |
Bug Bounty | 2017-08-04 | 2023-06-13 |
5005 | Reflected XSS on www.yahoo.com |
Reflected XSS |
Yahoo! / Verizon Media |
Samuel (@saamux) |
Bug Bounty | 2017-08-12 | 2023-06-13 |
4994 | Uber XSS via Cookie |
XSS |
Uber |
Chaobin Zhang |
Bug Bounty | 2017-08-30 | 2023-06-13 |