7/10
bug-bounty
A stored XSS vulnerability in InternShala.com, exploited through a JSON endpoint that served its response with an incorrect text/html Content-Type header. The attacker bypassed multiple filters (whitespace, forward slashes, alert/prompt functions, parentheses, angle brackets) using character substitution and URL encoding to inject a working XSS payload via the current_city_administrative_area_level_2 parameter.
xss
content-type-header
filter-bypass
html-injection
csrf
character-encoding
event-handler-injection
internshala
InternShala.com
Noman Shaikh