References
- PortSwigger: XSS
- PortSwigger: XSS cheat sheet
- XSS on forums.oculusvr.com leads to Oculus and Facebook account takeovers
- $25K Instagram Almost XSS Filter Link — Facebook Bug Bounty
- The Bug That Exposed Your PayPal Password
- XSS in GMail’s AMP4Email via DOM Clobbering
- From Parameter Pollution to XSS
- Stored XSS on Snapchat
- Stored XSS, and SSRF in Google using the Dataset Publishing Language
- How I found a stored XSS on thousands of webshops
- hxp CTF 2018: µblog
- Cross-Site Scripting to Local File Inclusion on Trello’s App
- App Maker and Colaboratory: a stored Google XSS double-bill
- Managed Apps and Music: a tale of two XSSes in Google Play
- [dev.twitter.com] XSS
- Uber XSS via Cookie
- Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities
- Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded
- Uber XSS 7000$
- AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2
- Coming across an XSS vulnerability at Google sites
- Combining host header injection and lax host parsing serving malicious data
- Abusing XSS Filter: One ^ leads to XSS(CVE-2016-3212)
- Yahoo Mail stored XSS #2
- Yahoo Mail stored XSS
- Google Account Recovery XSS
- Google RPO Gadgets Lead to XSS
- Sleeping stored Google XSS Awakens a $5000 Bounty
- XSS via Host header - www.google.com/cse
- Google, Open Redirects that Matter
- How I got the Bug Bounty for Mega.co.nz XSS
- Google Account Recovery Vulnerability