bug-bounty481
google307
xss278
microsoft260
facebook216
rce162
apple155
exploit141
bragging-post102
malware99
account-takeover98
csrf84
cve82
privilege-escalation75
stored-xss65
authentication-bypass65
writeup61
browser58
reflected-xss57
react54
phishing53
cloudflare52
ssrf51
dos51
input-validation49
access-control49
cross-site-scripting48
node48
aws46
docker46
smart-contract45
sql-injection45
ethereum44
defi43
supply-chain43
web-security43
web-application42
oauth41
web339
reverse-engineering37
burp-suite36
lfi35
idor35
vulnerability-disclosure34
html-injection33
race-condition32
smart-contract-vulnerability32
clickjacking31
information-disclosure30
csp-bypass30
0
7/10
A researcher demonstrated how to escalate self-XSS into non-self stored XSS on PayPal's Technical Support and Brand Central portals by exploiting inadequate file content validation (allowing malicious SVG files) and authorization issues that permitted unauthenticated users to submit tickets to registered accounts. The vulnerability enabled attackers to inject malicious scripts that would execute when support staff or authorized users accessed the tickets.
stored-xss
self-xss
authorization-bypass
file-upload
svg-xss
paypal
content-validation
filename-injection
privilege-escalation
PayPal
paypal-techsupport.com
paypal-brandcentral.com
YoKo Kho
BruteLogic