6/10
bug-bounty
Three case studies of reflected XSS vulnerabilities discovered on Synack: (1) XSS via javascript: protocol in a referrer parameter, (2) XSS via improper output encoding in account details form fields, and (3) XSS via unfiltered email parameter in password recovery page. Each demonstrates different exploitation vectors and input validation bypasses.
xss
reflected-xss
bug-bounty
web-application
input-validation
javascript-injection
url-parameter
dom
csrf
password-reset
referrer-header
account-details
burp-suite
Gaurav Narwani
Synack
example.com
brutelogic
_zulln