754 | Stored XSS at https://www.tiktok.com/ the name of the attacker’s account carrying XSS payload will be triggered when the victim Send Video | Stored XSS | TikTok | Aidil Arief | Bug Bounty | 2022-11-30 | 2023-06-13 |
685 | CVE-2022-42710: A journey through XXE to Stored-XSS | Stored XSS, XXE, Security code review | Linear | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-16 | 2023-06-13 |
682 | I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Stored XSS, Self-XSS | Zoom | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-12-17 | 2023-06-13 |
645 | Stored XSS vulnerability in Microsoft booking | Stored XSS, CSP bypass | Microsoft | Mrtechghost | Bug Bounty | 2022-12-27 | 2023-06-13 |
613 | Advanced CSRF Exploitation | CSRF, Stored XSS | NA | Sandro Einfeldt | Bug Bounty | 2023-01-07 | 2023-06-13 |
561 | CSRF + Stored XSS Leading to Full Account Takeover | Stored XSS, CSRF, Account takeover | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-01-20 | 2023-06-13 |
544 | MyBB <= 1.8.31: Remote Code Execution Chain | RCE, SQL injection, Stored XSS | MyBB | Aleksey Solovev | Bug Bounty | 2023-01-25 | 2023-06-13 |
451 | Securing Open-Source Solutions: A Study of osTicket Vulnerabilities | Stored XSS, Reflected XSS, SQL injection, Session fixation | osTicket | Miguel Correia | Bug Bounty | 2023-02-14 | 2023-06-13 |
387 | Interesting Stored XSS in sandboxed environment to Full Account Takeover | Stored XSS, Account takeover | NA | Anurag__Verma | Bug Bounty | 2023-02-27 | 2023-06-13 |
329 | Self XSS To Stored Through IDOR/ | IDOR, Self-XSS, Stored XSS | NA | Arben Shala (@arbennsh) | Bug Bounty | 2023-03-08 | 2023-06-13 |
266 | CVE-2023–1410 : Stored XSS in the Graphite Function Description tooltip | Stored XSS | Grafana Labs | Aswin K V (@deep_marketer_) | Bug Bounty | 2023-03-25 | 2023-06-13 |
254 | It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS | RCE, Stored XSS, Security code review | LibreNMS | Stefan Schiller (@scryh_) | Bug Bounty | 2023-03-29 | 2023-06-13 |
218 | Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059 CVE-2022-41348 | Stored XSS | Zimbra | Guillaume Jacques | Bug Bounty | 2023-04-07 | 2023-06-13 |
211 | CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score | Stored XSS, Markdown XSS, Supply chain attack | Snyk | Gal Weizman (@WeizmanGal) | Bug Bounty | 2023-04-10 | 2023-06-13 |
141 | Bug Bounty Writeup: Stored XSS Vulnerability WAF Bypass | Stored XSS, WAF bypass | NA | Rafael Silva "lopseg" | Bug Bounty | 2023-05-01 | 2023-06-13 |
114 | How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain | RCE, Unrestricted file upload, Stored XSS, Information disclosure, Directory listing | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-05-07 | 2023-06-13 |
25 | A short white box code audit of avo | Stored XSS, DoS | Avo | Paul Werther | Bug Bounty | 2023-06-05 | 2023-06-13 |