0
5/10
A security researcher discovered a reflective XSS vulnerability and an open redirect flaw on Indeed's offers.indeed.com subdomain via the 'target' URL parameter in a PDF report functionality. The flaws allowed arbitrary JavaScript execution and redirection to external sites, and Indeed patched them within a week.
reflective-xss
open-redirect
bug-bounty
subdomain-enumeration
parameter-manipulation
client-side-vulnerability
Indeed.com
offers.indeed.com
Sublist3r
Bugcrowd
Syntax Error
0
7/10
vulnerability
A CSP bypass vulnerability in Microsoft Edge (CVE-2017-0135): attackers could abuse the XSS filter's default mode to disable meta-tag-based CSP policies by appending malicious meta elements as URL parameters, causing the filter to neuter the legitimate CSP declaration and allow script execution.
csp-bypass
xss-filter
microsoft-edge
reflective-xss
browser-vulnerability
meta-tag-injection
internet-explorer
cve-2017-0135
bug-bounty
CVE-2017-0135
MS17-007
Microsoft Edge
Internet Explorer 8
Xiaoyin Liu
MSRC
FreeBuf