An XSS vulnerability was discovered in PayPal's Braintree payment gateway: the cancelUrl parameter was echoed into a script context on the PayPal login page without sanitization. By closing the surrounding string with a quote character and attaching event listeners for keystrokes, an attacker could log passwords as they were typed. PayPal's Content Security Policy did not stop the theft, because the captured keystrokes were sent with the postMessage API, which CSP does not govern.
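The string-context break-out described above, as an added example that is not code from the PayPal/Braintree report: a parameter interpolated between quotes in an inline script becomes code, and the same parameter JSON-encoded with the HTML-significant characters escaped stays a string. The payload and the variable name cancelUrl are constructed for illustration; a tiny `new Function` harness stands in for the browser.

```javascript
// Added example (not code from the PayPal/Braintree report): a URL parameter
// echoed into a JavaScript string literal, unsafely and safely.
const PAYLOAD = '"; pwned = true; //'; // closes the literal, runs code, comments out the rest

// Vulnerable rendering: the parameter is interpolated between quotes unencoded.
function renderUnsafe(cancelUrl) {
  return `<script>var cancelUrl = "${cancelUrl}";</script>`;
}

// Hardened rendering: JSON-encode the value, then escape the characters that
// are still dangerous inside an HTML <script> block. '<' becomes \u003c, so a
// payload can never form '</script>'; inside a JS string the escape is harmless.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028') // line terminators JSON.stringify leaves raw
    .replace(/\u2029/g, '\\u2029');
}
function renderSafe(cancelUrl) {
  return `<script>var cancelUrl = ${jsStringLiteral(cancelUrl)};</script>`;
}

// Stand-in for the browser: strip the <script> wrapper and execute the body as
// sloppy-mode page script. `pwned` flips to true only if injected code ran.
function runInlineScript(html) {
  const body = html.replace(/^<script>/, '').replace(/<\/script>$/, '');
  const run = new Function('pwned', body + '\nreturn { pwned: pwned, cancelUrl: cancelUrl };');
  return run(false);
}

// Number of <script tags in the rendered HTML; more than one means a payload
// containing '</script><script>' broke out of the block at the HTML level.
function scriptTagCount(html) {
  return (html.match(/<script/gi) || []).length;
}

console.log(runInlineScript(renderUnsafe(PAYLOAD))); // { pwned: true, cancelUrl: '' }
console.log(runInlineScript(renderSafe(PAYLOAD)));   // { pwned: false, cancelUrl: PAYLOAD }
```

Note what the fix does not do: it encodes for the JavaScript string and HTML script contexts only. A value that later flows into an attribute, a URL or innerHTML needs the encoding of that context as well.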
A persistent XSS vulnerability was discovered in AH.nl's avatar upload feature: user input was not sanitized, so an attacker could store JavaScript that executed for every visitor who viewed the attacker's profile. The exploit slipped past the site's firewall filter with obfuscation such as 'onerroronerror==' (the kind of payload that survives a filter which deletes 'onerror=' in a single pass, since what remains is again 'onerror='), and used jQuery's getScript() to load external code for cookie theft and phishing.
Jonathan Bouman discovered a persistent XSS vulnerability in LinkedIn's article embed feature, which built embeds from the Open Graph metadata of a linked page without validating it. By controlling the og:video tag of a page he linked, he could inject arbitrary content into an iframe on a LinkedIn article, including a fake login screen that could harvest user credentials.
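The embed flow described above, as an added example that is not LinkedIn's code: an Open Graph extractor feeding an iframe builder that trusts og:video outright, beside one that parses the value as a URL and accepts only https URLs on a known player host. The attacker page, the phishing URL and the host allow-list (www.youtube.com, player.vimeo.com) are constructed for illustration.

```javascript
// Added example (not LinkedIn's code): Open Graph driven embeds, unsafe and safe.
const escapeAttr = (s) => String(s).replace(/[&<>"']/g,
  (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Pull og:* properties out of a fetched page. Only double-quoted attributes are
// handled here; a real implementation would use an HTML parser.
function parseOpenGraph(html) {
  const og = {};
  for (const [, attrs] of html.matchAll(/<meta\b([^>]*)>/gi)) {
    const prop = /\bproperty\s*=\s*"(og:[^"]+)"/i.exec(attrs);
    const content = /\bcontent\s*=\s*"([^"]*)"/i.exec(attrs);
    if (prop && content) og[prop[1].toLowerCase()] = content[1];
  }
  return og;
}

// Vulnerable: whatever the remote page declares becomes the frame source, so a
// fake login page on the attacker's host renders inside the article.
function embedUnsafe(og) {
  return `<iframe src="${og['og:video']}"></iframe>`;
}

// Hardened: parse the value as a URL, require https and a known player host
// (assumed allow-list), escape it for the attribute, and sandbox the frame.
const VIDEO_HOSTS = new Set(['www.youtube.com', 'player.vimeo.com']);
function embedSafe(og) {
  let url;
  try { url = new URL(og['og:video']); } catch (e) { return null; } // missing or unparsable
  if (url.protocol !== 'https:' || !VIDEO_HOSTS.has(url.hostname)) return null;
  return `<iframe src="${escapeAttr(url.href)}" sandbox="allow-scripts allow-same-origin" referrerpolicy="no-referrer"></iframe>`;
}

// Constructed attacker page: a phishing URL offered as the "video".
const ATTACKER_PAGE = `<html><head>
<meta property="og:title" content="Quarterly results">
<meta property="og:video" content="https://attacker.example/linkedin-login.html">
</head></html>`;

console.log(embedUnsafe(parseOpenGraph(ATTACKER_PAGE))); // frames the phishing page
console.log(embedSafe(parseOpenGraph(ATTACKER_PAGE)));   // null
```

The host check uses the parsed hostname rather than a prefix match on the string, so `https://www.youtube.com.attacker.example/` is rejected; `sandbox` without `allow-top-navigation` also keeps a framed page from redirecting the article itself.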
A persistent XSS vulnerability in eBay's My World profile section exploited a blacklist-based HTML filter that did not block deprecated or obscure tags such as <plaintext>, <fn> and <credit>. The attacker chained this with event handlers, String.fromCharCode and eval to work around character limits, missing CSRF protection, and session cookies lacking the HttpOnly flag, producing a self-propagating worm that stole session tokens.
A researcher documents multiple MIME-sniffing-dependent XSS vulnerabilities at Google, caused by incorrect Content-Type headers combined with a missing X-Content-Type-Options: nosniff header, which let browsers interpret non-HTML responses as HTML and execute script embedded in them; the findings earned thousands of dollars in bounties.