7/10
vulnerability
Security researcher Vladimir Metnew discovered three XSS vulnerabilities in ProtonMail's iOS app: one in the applewebdata: origin via an SVG onload handler, another via an anchor tag with a javascript: URI, and a third in the data: origin via embedded base64-encoded HTML. Although ProtonMail initially dismissed them as non-critical, the vulnerabilities enabled UXSS execution and potential privacy violations, including email tracking and IP disclosure.
xss
cross-site-scripting
ios
mobile-security
email-client
dompurify
webkit
uxss
universal-xss
applewebdata
javascript-uri
svg-payload
embed-tag
base64-encoding
responsible-disclosure
bug-bounty
ProtonMail
Vladimir Metnew
DOMPurify
Cure53
CVE-2016-1764
Webkit
Safiler
Anatoly
Andy Yen