8/10
bug-bounty
XSS vulnerability in dynamically generated PDF endpoint where unsanitized user input (utrnumber parameter) is rendered as HTML/JavaScript in PDFs, allowing arbitrary JavaScript execution under file:// origin and enabling local file read via XMLHttpRequest to access /etc/passwd.
xss
local-file-read
pdf-generation
server-side-xss
javascript-execution
file-protocol
xmlhttprequest
dom-manipulation
parameter-injection
bug-bounty
Rahul Maini
Bugcrowd
xyz.com
6/10
vulnerability
Reflected XSS vulnerability in Google Code Jam's scoreboard page that fires in toast messages, exploitable in browsers without CSP support (e.g., IE), allowing attackers to hijack victim accounts and modify profile information through DOM manipulation.
reflected-xss
csp-bypass
google-code-jam
web-security
account-takeover
dom-manipulation
browser-quirks
Google Code Jam
Thomas Orlita
gstatic.com