Etiqueta: Practitioner

Reflected XSS in canonical link tag

Reflected XSS with some SVG markup allowed

Reflected XSS into HTML context with all tags blocked except custom ones

Reflected XSS into HTML context with most tags and attributes blocked

Stored DOM XSS

Reflected DOM XSS

DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded

DOM XSS in document.write sink using source location.search inside a select element

Multistep clickjacking

Exploiting clickjacking vulnerability to trigger DOM-based XSS