bug-bounty448
google357
microsoft314
facebook265
xss240
apple181
malware167
rce149
exploit129
bragging-post101
cve99
account-takeover91
phishing79
csrf79
privilege-escalation77
stored-xss64
supply-chain62
authentication-bypass62
dos59
reflected-xss57
browser56
react51
cloudflare49
reverse-engineering48
input-validation48
access-control47
docker46
cross-site-scripting46
smart-contract45
aws45
node45
web344
ethereum43
sql-injection42
defi42
ssrf40
web-security40
web-application39
burp-suite35
vulnerability-disclosure34
idor34
race-condition33
html-injection33
info-disclosure33
writeup33
buffer-overflow32
cloud32
oauth32
smart-contract-vulnerability32
information-disclosure30
0
8/10
research
PortSwigger researchers discovered a practical XSS exploitation technique for hidden input fields using the accesskey attribute combined with onclick events, which works across modern browsers including Firefox and Chrome by triggering payload execution via keyboard shortcuts (ALT+SHIFT+X on Windows, CTRL+ALT+X on macOS).
xss
cross-site-scripting
hidden-input
accesskey-attribute
onclick-event
browser-exploitation
firefox
chrome
vulnerability-technique
web-security
input-validation
PortSwigger
Burp Suite
Gareth Heyes
Liam