bug-bounty
A CORS misconfiguration on api.artsy.net allows attackers to exfiltrate authenticated user credentials and sensitive data (email, phone, authentication tokens, etc.) by hosting malicious JavaScript that exploits the overly permissive Access-Control-Allow-Credentials and Access-Control-Allow-Origin headers.
cors
cross-origin-resource-sharing
insecure-cors
credential-exposure
api-security
xmlhttprequest
authentication-bypass
bug-bounty
web-security
data-exfiltration
access-control-allow-credentials
same-origin-policy-bypass
api.artsy.net
MuhammadKhizerJaved
GeekBoy
HackerOne
Bugcrowd
Apple
Google
Facebook
BlackHat MEA
bug-bounty
A researcher exploited CORS misconfiguration combined with reflected XSS on a Netgear subdomain to extract sensitive user data (email, age, gender, DOB) by sending malicious links that executed JavaScript in the attacker's context and exfiltrated API responses. The vulnerability required an endpoint that accepted subdomain origins and an XSS vulnerability on a whitelisted subdomain to execute the data theft payload.
cors-misconfiguration
xss
cross-site-scripting
cross-origin-resource-sharing
subdomain
api-security
credential-theft
bug-bounty
sensitive-data-exposure
xmlhttprequest
origin-validation
Netgear
Bugcrowd
James Kettle
Daniel Bakker
Kaushal Parikh
Noman Shaikh