A critical XSS vulnerability on Facebook's CDN was achieved by encoding malicious JavaScript into PNG IDAT chunks, uploading the image as an advertisement, then serving it with an .html extension to trigger HTML interpretation via MIME sniffing. The attacker leveraged document.domain to access the fb_dtsg CSRF token from www.facebook.com and bypass LinkShim protections.
A reflected XSS vulnerability was discovered on Philips.com through enabled Adobe Experience Manager debug mode in production, allowing HTML injection via the debug=layout parameter. The attack bypassed ModSecurity and Akamai WAF by using a <body onpointerenter> tag combined with jQuery.getScript() to load external JavaScript, enabling phishing and credential theft from authenticated users.