6/10
bug-bounty
A stored XSS vulnerability was discovered in Zendesk's macro description field. The WAF could be bypassed by entering a benign value when the macro was created, then editing the field afterwards to insert the malicious payload. The vulnerability was confirmed with an image onerror payload that triggered on the homepage.
stored-xss
xss-vulnerability
waf-bypass
zendesk
macro
bug-bounty
web-application-firewall
payload-encoding
Zendesk
Hariharan S
P5YCH0