0
7/10
vulnerability
A reflected XSS vulnerability was discovered in Microsoft Dynamics 365's "Personal Document Template: Information" page, where user first and last name fields were reflected without proper encoding, allowing malicious JavaScript execution when victims viewed the template information page.
xss
cross-site-scripting
reflected-xss
dynamics-365
microsoft
input-validation
output-encoding
penetration-testing
vulnerability-disclosure
saas
Microsoft Dynamics 365
Tim Kent
Microsoft Security Response Center
Azure AD
0
8/10
A researcher discovered a blind XSS vulnerability in GoDaddy's internal customer support panel by injecting XSS payloads into user profile fields (first/last name), which executed when support agents accessed the CRM system. The vulnerability allowed arbitrary actions on customer accounts including domain transfers and account deletion, demonstrating how data poisoning can compromise backend systems drawing from shared data stores.
blind-xss
stored-xss
customer-support
internal-panel
dom-based-xss
xss-hunter
data-poisoning
bug-bounty
godaddy
input-validation
output-encoding
session-hijacking
beef-hook
GoDaddy
XSS Hunter
Cobalt
BeEF
crm.int.godaddy.com
sso.godaddy.com