8/10
Multiple DOM-based XSS vulnerabilities discovered in iframe buster implementations from major ad tech vendors (Adform, Eyeblaster, Adtech) due to weak regex and whitelist validation on user-controlled parameters, allowing attackers to inject arbitrary JavaScript on top-tier publisher sites.
xss
dom-based-xss
iframe-buster
ad-tech
whitelist-bypass
regex-bypass
parameter-injection
same-origin-policy
adform
eyeblaster
adtech
publisher-vulnerability
advertising-tech
Randy Westergren
Adform
Eyeblaster
Adtech
Google DoubleClick
CNN
Fandango
Forbes