6/10
A researcher discovered a Reflected XSS vulnerability in a video game company's language parameter that, when combined with weak web cache poisoning behavior, allowed cached payload execution across all site pages and enabled account takeover through session cookie theft (due to missing HttpOnly and Secure flags).
reflected-xss
web-cache-poisoning
account-takeover
cookie-theft
httponly-flag
secure-flag
csp-bypass
bug-bounty
session-hijacking
Lütfü Mert Ceylan
OWASP
Detectify
PortSwigger
Zerocopter