bug-bounty (480)
google (300)
xss (277)
microsoft (250)
facebook (213)
rce (160)
apple (150)
exploit (137)
bragging-post (102)
account-takeover (98)
malware (94)
csrf (84)
cve (80)
privilege-escalation (75)
stored-xss (65)
authentication-bypass (64)
writeup (61)
reflected-xss (57)
browser (55)
react (54)
cloudflare (51)
ssrf (51)
dos (50)
phishing (50)
access-control (49)
input-validation (48)
cross-site-scripting (48)
node (47)
docker (46)
aws (46)
smart-contract (45)
sql-injection (45)
ethereum (44)
supply-chain (44)
defi (43)
web-security (43)
web-application (41)
oauth (41)
web3 (39)
burp-suite (36)
lfi (35)
vulnerability-disclosure (34)
idor (34)
html-injection (33)
race-condition (32)
smart-contract-vulnerability (32)
clickjacking (31)
reverse-engineering (31)
information-disclosure (30)
csp-bypass (30)
0
7/10
bug-bounty
A persistent XSS vulnerability was discovered in PayPal's Braintree payment gateway: the cancelUrl parameter was reflected in script context on the PayPal login page without proper sanitization. By escaping quote characters and injecting HTML5 event listeners, an attacker could log keystrokes on the login form and steal passwords; the postMessage API was used to get around PayPal's Content Security Policy restrictions.
persistent-xss
password-theft
keylogging
csp-bypass
braintree
paypal
web-application
bug-bounty
payment-gateway
html5-event-listeners
csrf
script-injection
PayPal
Braintree
Casper Sleep Inc.
braintree/web/3.9.0
0
5/10
bug-bounty
A researcher discovered a stored XSS vulnerability in Optimizely's experiment preview feature. By embedding scripts in the user's website through the preview, malicious JavaScript could be injected that logged keystrokes from a different domain (optimizelypreview.com).
Armaan Pathan
Optimizely
cobalt.io