6/10
bug-bounty
Three case studies of reflected XSS vulnerabilities discovered on Synack: (1) XSS via javascript: protocol in a referrer parameter, (2) XSS via improper output encoding in account details form fields, and (3) XSS via unfiltered email parameter in password recovery page. Each demonstrates different exploitation vectors and input validation bypasses.
xss
reflected-xss
bug-bounty
web-application
input-validation
javascript-injection
url-parameter
dom
csrf
password-reset
referrer-header
account-details
burp-suite
Gaurav Narwani
Synack
example.com
brutelogic
_zulln