bug-bounty490
google398
microsoft329
xss293
facebook288
rce199
exploit191
apple187
malware173
cve127
account-takeover113
bragging-post101
csrf86
privilege-escalation85
phishing81
browser80
supply-chain67
writeup66
dos66
stored-xss64
react64
authentication-bypass62
reflected-xss57
cloudflare56
node55
reverse-engineering53
ssrf51
aws51
docker50
input-validation48
access-control47
cross-site-scripting46
oauth46
smart-contract45
web345
ethereum43
defi42
sql-injection42
lfi41
web-security40
info-disclosure40
cloud39
web-application39
race-condition38
pentest37
ctf36
idor35
burp-suite35
vulnerability-disclosure34
html-injection33
0
8/10
A creative XSS exploitation technique that transforms a reflected/stored XSS vulnerability in Swisscom's Bluewin webmail into a self-propagating worm via malicious attachment filenames. The worm leverages unescaped angle brackets in attachment metadata to inject JavaScript that can automatically enumerate and send itself to other users' contacts.
xss
worm
web-application-vulnerability
bug-bounty
webmail
self-propagating
attachment-injection
dom-based-xss
email-exploitation
proof-of-concept
Swisscom
Bluewin
webmail.bluewin.ch
rich-v01.bluewin.ch
Nicolas Heiniger
Alexandre
Florian
BlackAlps
0
8/10
vulnerability
A persistent XSS vulnerability on eBay's My World profile section exploited a blacklist-based HTML filter that failed to block deprecated tags like <plaintext>, <fn>, and <credit>. The attacker chained this with event handlers, String.fromCharCode/eval to bypass character limits, missing CSRF protection, and unHTTPOnly cookies to create a self-propagating worm that could steal session tokens.
persistent-xss
html-injection
blacklist-bypass
deprecated-tags
event-handlers
csrf-absence
cookie-theft
httponly-missing
worm
ebay
eBay
myworld.ebay.com
plaintext
fn
credit