A reflected XSS vulnerability was discovered on Yahoo Finance's mobile version via the /quote/ endpoint. The attacker bypassed a filter that converted lowercase characters to uppercase by using HTML entity encoding (e.g., the entity-encoded form of 'a'), which evaded the case conversion and allowed JavaScript to execute.
A researcher chained a stored XSS vulnerability in a mindmap feature with JWT token theft from localStorage and an unauthenticated email-change endpoint to achieve full account takeover. The critical challenge was properly escaping JSON payloads nested within JavaScript code inside an SVG onload handler, which was ultimately solved using eval() to convert single-quoted JSON to double-quoted JSON.
A researcher chained a CSRF vulnerability with a stored XSS flaw to create persistent XSS attacks. By leveraging missing CSRF protection on a template creation endpoint and exploiting HTML/SVG injection in description fields, an attacker could trick victims into creating malicious templates that execute JavaScript when viewed.
A researcher bypassed imgur.com's XSS protection by combining stripped <script> tags with event handlers (SVG onload) to achieve stored XSS. The bypass exploited the application's character-filtering logic by nesting disallowed tags within each other to reconstruct the malicious payload after sanitization.