Use when performing penetration testing targeting cross-site scripting vulnerabilities including stored, reflected, and DOM-based XSS. Keywords: XSS, stored XSS, reflected XSS, DOM XSS, content injection, HTML injection, JavaScript injection, CSP bypass
Installation
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
摘要: A new XSS vulnerability was discovered in Brave iOS 1.31.1 and higher, which allowed attackers to execute malicious scripts on ReaderMode pages. The vulnerability was caused by a relaxation of the CSP...
Case 2: Khan Academy — XSS on using the legacy "Graphie To Png" API
严重度: Critical | CWE: Cross-site Scripting (XSS) - DOM
摘要: The legacy "Graphie To Png" API was vulnerable to exploitation. An attacker could upload malicious graphies that included harmful SVG and JSON data. The SVG contained an onload attribute that execut...
摘要: A stored XSS vulnerability was reported in the LinkedIn Article feature, where a malicious JavaScript payload could be embedded in the URL field of an iframe. When such an article was published and ac...
摘要: The reflected XSS vulnerability was found in the 'nin' parameter of the 'https://nin.mtn.ng/nin/success' endpoint. Successful exploitation allowed an attacker to execute arbitrary JavaScript in the vi...
摘要: The victim could craft a custom message using the REST API that, once seen by the observer, executed arbitrary code in the context of the client user. The vulnerability was present in the attachment f...
Case 6: 8x8 — Stored xss at https://█.8x8.com/api/█/ID
严重度: High | CWE: Cross-site Scripting (XSS) - Stored
摘要: A vulnerability was reported where stored data could be modified to introduce malicious JavaScript that would execute in a victim's browser when the data was retrieved. The issue was isolated to a ran...
Case 8: Acronis — Potential XSS Vulnerability in Acronis Login Callback URL
严重度: High | CWE: Cross-site Scripting (XSS) - Generic
摘要: The Acronis login callback URL was found to be vulnerable to cross-site scripting (XSS) attacks. The redirectUrl parameter in the URL was not properly sanitized, allowing an attacker to inject arbitra...
Case 9: Acronis — Blind XSS on admin.acronis.com via delete account form on account.acronis.com
严重度: High | CWE: Cross-site Scripting (XSS) - Stored
摘要: Blind XSS vulnerability was discovered on admin.acronis.com. The vulnerability could be triggered by sending a payload during the account deletion process on account.acronis.com.
严重度: High | CWE: Cross-site Scripting (XSS) - Stored
摘要: A stored cross-site scripting (XSS) vulnerability was discovered in the AREA tutorials feature. The vulnerability could have allowed an attacker to inject malicious JavaScript code when publishing a t...