bug-bounty457
google360
microsoft310
facebook264
xss250
apple176
malware175
rce165
exploit140
cve111
account-takeover104
bragging-post102
phishing84
privilege-escalation82
csrf81
supply-chain68
stored-xss65
authentication-bypass64
dos62
browser60
reflected-xss57
react52
cloudflare50
reverse-engineering49
access-control48
input-validation48
cross-site-scripting48
aws47
node46
docker46
smart-contract45
ethereum44
sql-injection43
defi43
web-security43
ssrf42
web342
web-application41
writeup37
oauth37
race-condition36
burp-suite35
info-disclosure34
idor34
vulnerability-disclosure34
auth-bypass33
cloud33
html-injection33
buffer-overflow32
smart-contract-vulnerability32
0
5/10
bug-bounty
Security researcher reports six clickjacking vulnerabilities across Google services (Play Store, Payments, Docs Picker, Sites) totaling $14,981.70, exploiting improper X-Frame-Options/CSP configurations and open redirects to enable unauthorized user actions like unintended subscription charges, account compromise, and private content exposure.
clickjacking
x-frame-options
csp-bypass
open-redirection
google-play
google-payments
google-docs
google-sites
youtube
frame-ancestors
bragging-post
Google Play
Google Payments
Google Docs Picker
Google Sites
YouTube
Raushan Raj