bug-bounty498
google355
xss301
microsoft298
facebook263
rce211
exploit200
malware171
apple164
cve136
account-takeover115
bragging-post102
privilege-escalation95
csrf90
phishing86
browser75
writeup74
authentication-bypass69
supply-chain68
dos66
stored-xss65
reflected-xss57
ssrf56
reverse-engineering55
react52
access-control51
input-validation49
cross-site-scripting48
aws47
cloudflare47
docker46
web-security46
lfi46
sql-injection45
smart-contract45
ethereum44
web-application44
web343
defi43
ctf43
oauth43
node43
pentest40
race-condition39
idor37
open-source37
cloud37
burp-suite36
info-disclosure36
auth-bypass35
0
6/10
vulnerability
A stored XSS vulnerability where unsanitized URL parameters (refclickid) are stored in cookies and later reflected in JSON responses within script tags, allowing arbitrary JavaScript execution on any page visit. The vulnerability relies on the application trusting cookie values without sanitization when inserting them into script contexts.
stored-xss
cookie-injection
input-sanitization
javascript
bug-bounty
web-security
vulnerability-writeup
Arbaz Hussain
HackerOne
0
6/10
vulnerability
Stored XSS vulnerability discovered in RunKeeper's user profile name field that reflects malicious payloads to all users viewing the profile, combined with site-wide CSRF issues enabling creation of an XSS worm that forces victims to follow attacker accounts. The vulnerability was originally reported in 2013, but a bypass was found in 2015.
stored-xss
cross-site-scripting
csrf
cross-site-request-forgery
input-validation
web-application
vulnerability-writeup
xss-worm
fitness-tracking
RunKeeper
ASICS
Mohamed A. Baset
David Sopas
Seekurity
Norwegian Consumer Council
Jason Jacobs