bug-bounty531
xss284
rce163
bragging-post120
google112
exploit103
account-takeover100
open-source91
microsoft82
privilege-escalation79
csrf78
cve76
authentication-bypass75
stored-xss72
facebook72
malware69
access-control65
ai-agents63
reflected-xss61
writeup57
web-security53
ssrf53
input-validation53
sql-injection49
cross-site-scripting48
phishing47
tool46
smart-contract46
defi45
ethereum45
privacy44
web-application43
cloudflare41
apple40
information-disclosure39
web338
dos38
responsible-disclosure37
llm37
lfi36
browser36
api-security35
burp-suite35
opinion35
automation34
oauth34
reverse-engineering34
vulnerability-disclosure34
machine-learning32
code-generation31
0
5/10
A researcher discovered a stored XSS vulnerability in a web application's internal notification system by injecting HTML/SVG payloads into company names during user invitation functionality, which were then reflected without sanitization when users viewed invitation notifications.
Oleksandr Opanasiuk