Reflected DOM XSS vulnerability in silvergoldbull.com/bt.html exploitable via base64-encoded URL parameters, combined with clickjacking via iframe injection to steal user credentials through a fake login page. The vulnerability leverages obfuscated JavaScript that decodes and executes user-supplied parameters without proper sanitization.
A researcher exploited a reflected XSS vulnerability combined with CSRF to steal httpOnly session cookies by leveraging the server's practice of returning session tokens in response bodies. The attack uses String.fromCharCode concatenation to bypass character filtering and executes XMLHttpRequest to extract the session cookie from login endpoint responses.
A stored XSS vulnerability in EspoCRM 5.6.8's email signature field (exploited via polyglot payload bypassing sanitization) allows attackers to steal authentication cookies when victims reply to emails, enabling complete account takeover of any user including admins. The vulnerability stems from unprotected HttpOnly cookies containing Base64-encoded credentials that can be extracted via malicious JavaScript.
Technical writeup on bypassing uppercase character filters in URL-based XSS vulnerabilities using JSFuck obfuscation techniques. The authors demonstrate constructing a complete alphabet from JavaScript primitive values and achieving arbitrary code execution with jQuery's getScript to escalate a Low severity XSS to Critical by loading external malicious scripts.