5/10
bug-bounty
First valid reflected XSS vulnerability, found via HTML comment injection: user-supplied URL paths were reflected inside commented-out strings in the page source, which allowed script tag injection through payloads that close the comment.
xss
reflected-xss
html-comment-injection
bug-bounty
hackerone
recon
subdomain-enumeration
payload-crafting
HackerOne
Jatin Nandwana