8/10
vulnerability
XSS vulnerability in a conference application (likely Zoom or similar) that chains to RCE via Node.js process execution in the native OS X client. The exploit uses String.fromCharCode to bypass quote filtering and jQuery's $.getScript() to fetch and execute remote code that spawns arbitrary processes.
xss
rce
remote-code-execution
nodejs
process-execution
string-filtering-bypass
jquery-gadget
native-app-vulnerability
unauthenticated-access
meeting-platform
payload-crafting
ActBlue
RSnake
patrick
ben
greg
GitHub
Node
jQuery
String.fromCharCode
process.open
xor.cc