https://appsec.fyi/xss.html Curated XSS resources from appsec.fyi en-us Thu, 09 Apr 2026 13:57:40 +0000 carl@chs.us (Carl Sampson) https://www.startupdefense.io/blog/browser-based-attacks-2026-startup-guide https://www.startupdefense.io/blog/browser-based-attacks-2026-startup-guide Browser-Based Attacks in 2026: What Every Startup Needs to Know XSS Mon, 06 Apr 2026 02:01:08 +0000 https://www.herodevs.com/blog-posts/cve-2025-1647-bootstrap-3-xss-vulnerability-via-dom-clobbering-in-tooltip-and-popover-components https://www.herodevs.com/blog-posts/cve-2025-1647-bootstrap-3-xss-vulnerability-via-dom-clobbering-in-tooltip-and-popover-components CVE-2025-1647: Bootstrap 3 XSS Vulnerability via DOM Clobbering XSS Mon, 06 Apr 2026 02:01:07 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-32629/ https://www.sentinelone.com/vulnerability-database/cve-2026-32629/ CVE-2026-32629: phpMyFAQ XSS Vulnerability XSS Mon, 06 Apr 2026 02:01:05 +0000 https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XS-Leaks https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XS-Leaks Cross-site leaks (XS-Leaks) - Security - MDN Web Docs XSS Mon, 06 Apr 2026 02:01:04 +0000 https://medium.com/@renwa/site-dom-xss-using-cookie-injection-the-ai-hackers-are-coming-faster-than-you-think-3ef82f2a991d https://medium.com/@renwa/site-dom-xss-using-cookie-injection-the-ai-hackers-are-coming-faster-than-you-think-3ef82f2a991d Site-DOM-XSS using Cookie Injection: The AI Hackers are Coming XSS Mon, 06 Apr 2026 02:01:02 +0000 https://github.com/devanshbatham/Awesome-Bugbounty-Writeups https://github.com/devanshbatham/Awesome-Bugbounty-Writeups Awesome Bug Bounty Writeups - Curated List by Bug Type XSS Fri, 03 Apr 2026 15:54:35 +0000 https://github.com/AkarshYash/Cross-Site-Scripting-XSS--Exploit-Payloads https://github.com/AkarshYash/Cross-Site-Scripting-XSS--Exploit-Payloads XSS Exploit Payloads - DOM, Reflected, Stored, and WAF Bypass XSS Fri, 03 Apr 2026 15:54:34 +0000 https://lopseg.medium.com/bug-bounty-writeup-stored-xss-vulnerability-waf-bypass-f38aae7ff9eb https://lopseg.medium.com/bug-bounty-writeup-stored-xss-vulnerability-waf-bypass-f38aae7ff9eb Stored XSS Vulnerability WAF Bypass Writeup XSS Fri, 03 Apr 2026 15:54:32 +0000 https://foysal1197.medium.com/reflected-xss-with-waf-bypass-a-creative-payload-that-worked-20e44e9ab23d https://foysal1197.medium.com/reflected-xss-with-waf-bypass-a-creative-payload-that-worked-20e44e9ab23d Reflected XSS with WAF Bypass — A Creative Payload That Worked XSS Fri, 03 Apr 2026 15:54:31 +0000 https://www.bugbountyhunter.com/vulnerability/?type=xss https://www.bugbountyhunter.com/vulnerability/?type=xss Learn about Cross Site Scripting (XSS) | BugBountyHunter.com XSS Fri, 03 Apr 2026 15:54:29 +0000 https://medium.com/@asifebrahim580/dom-based-xss-in-single-page-applications-spas-a-complete-guide-for-beginners-bug-bounty-56d4e496a0a0 https://medium.com/@asifebrahim580/dom-based-xss-in-single-page-applications-spas-a-complete-guide-for-beginners-bug-bounty-56d4e496a0a0 DOM-Based XSS in Single Page Applications (SPAs): A Complete Guide XSS Fri, 03 Apr 2026 15:54:27 +0000 https://www.bugcrowd.com/blog/the-ultimate-guide-to-finding-and-escalating-xss-bugs/ https://www.bugcrowd.com/blog/the-ultimate-guide-to-finding-and-escalating-xss-bugs/ The Ultimate Guide to Finding and Escalating XSS Bugs | Bugcrowd XSS Fri, 03 Apr 2026 15:54:25 +0000 https://www.hackerone.com/blog/how-cross-site-scripting-vulnerability-led-account-takeover https://www.hackerone.com/blog/how-cross-site-scripting-vulnerability-led-account-takeover How a Cross-Site Scripting Vulnerability Led to Account Takeover | HackerOne XSS Fri, 03 Apr 2026 15:54:24 +0000 https://www.yeswehack.com/learn-bug-bounty/xss-attacks-exploitation-ultimate-guide https://www.yeswehack.com/learn-bug-bounty/xss-attacks-exploitation-ultimate-guide XSS Attacks & Exploitation: The Ultimate Guide | YesWeHack XSS Fri, 03 Apr 2026 15:54:22 +0000 https://portswigger.net/web-security/cross-site-scripting/cheat-sheet https://portswigger.net/web-security/cross-site-scripting/cheat-sheet Cross-Site Scripting (XSS) Cheat Sheet - 2026 Edition | PortSwigger XSS Fri, 03 Apr 2026 15:54:21 +0000 https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks https://ift.tt/vwg96OZ XSS Fri, 03 Apr 2026 01:46:28 +0000 https://www.hotelmanagement.net/renovations/colwen-hotels-xss-hotels-redevelop-castle-hotel-launch-new-collection-brand https://www.hotelmanagement.net/renovations/colwen-hotels-xss-hotels-redevelop-castle-hotel-launch-new-collection-brand Colwen Hotels, XSS Hotels launch new collection brand https://ift.tt/cbWKXEy XSS Wed, 01 Apr 2026 13:31:56 +0000 https://socradar.io/blog/shadowprompt-zero-click-anthropics-claude/ https://socradar.io/blog/shadowprompt-zero-click-anthropics-claude/ ShadowPrompt: Zero-Click Prompt Injection Chain in Anthropic’s Claude Chrome Extension https://ift.tt/LQkpR3n XSS Wed, 01 Apr 2026 06:11:41 +0000 https://www.esecurityplanet.com/newsletter/cybersecurity-insider/2026-03-31/ https://www.esecurityplanet.com/newsletter/cybersecurity-insider/2026-03-31/ Jira Account Takeover https://ift.tt/wtHJ6Lm XSS Wed, 01 Apr 2026 01:11:41 +0000 https://cert.pl/en/posts/2026/03/CVE-2026-25099/ https://cert.pl/en/posts/2026/03/CVE-2026-25099/ Vulnerabilities in Bludit software https://ift.tt/xf0FONS XSS Tue, 31 Mar 2026 02:31:37 +0000 https://cybersecuritynews.com/stored-xss-bug-in-jira-work-management/ https://cybersecuritynews.com/stored-xss-bug-in-jira-work-management/ Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover https://ift.tt/chvJTgR XSS Mon, 30 Mar 2026 15:11:09 +0000 https://cyberpress.org/stored-xss-flaw-in-jira-work/ https://cyberpress.org/stored-xss-flaw-in-jira-work/ Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise https://ift.tt/tBU50wa XSS Mon, 30 Mar 2026 14:11:54 +0000 https://gbhackers.com/stored-xss-vulnerability-in-jira-work-management/ https://gbhackers.com/stored-xss-vulnerability-in-jira-work-management/ Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover https://ift.tt/NBDfQXj XSS Mon, 30 Mar 2026 11:16:52 +0000 https://cert.pl/en/posts/2026/03/CVE-2025-69236/ https://cert.pl/en/posts/2026/03/CVE-2025-69236/ Vulnerabilities in Raytha software https://ift.tt/KuydOeU XSS Sun, 29 Mar 2026 23:01:47 +0000 https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website https://ift.tt/onyUmWb XSS Thu, 26 Mar 2026 13:31:50 +0000 https://www.ibm.com/think/news/cisa-fbi-release-secure-by-design-on-cross-site-scripting https://www.ibm.com/think/news/cisa-fbi-release-secure-by-design-on-cross-site-scripting CISA and FBI release secure-by-design guidelines on cross-site scripting https://ift.tt/OsAW3Rc XSS Thu, 26 Mar 2026 11:31:39 +0000 https://portswigger.net/blog/http-1-1-must-die-conquering-the-0-cl-challenge https://portswigger.net/blog/http-1-1-must-die-conquering-the-0-cl-challenge HTTP/1.1 Must Die: Conquering the 0.CL Challenge https://ift.tt/zWFgsu7 XSS Thu, 26 Mar 2026 09:26:20 +0000 https://cyberpress.org/zimbra-collaboration-suite-vulnerability/ https://cyberpress.org/zimbra-collaboration-suite-vulnerability/ CISA Warns of Actively Exploited Zimbra Collaboration Suite Vulnerability https://cyberpress.org/zimbra-collaboration-suite-vulnerability/ XSS Thu, 26 Mar 2026 06:26:30 +0000 https://lodgingmagazine.com/renaissance-framingham-hotel-conference-center-debuts-after-transformation/ https://lodgingmagazine.com/renaissance-framingham-hotel-conference-center-debuts-after-transformation/ Renaissance Framingham Hotel Debuts After Transformation https://ift.tt/EsDvhRT XSS Wed, 25 Mar 2026 12:26:47 +0000 https://securityaffairs.com/189744/security/polyshell-flaw-exposes-magento-and-adobe-commerce-to-file-upload-attacks.html https://securityaffairs.com/189744/security/polyshell-flaw-exposes-magento-and-adobe-commerce-to-file-upload-attacks.html PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks https://ift.tt/Vn64pI0 XSS Sat, 21 Mar 2026 10:51:38 +0000 https://cyberpress.org/ghostmail-targets-ukraine-mail/ https://cyberpress.org/ghostmail-targets-ukraine-mail/ Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government https://cyberpress.org/ghostmail-targets-ukraine-mail/ XSS Fri, 20 Mar 2026 14:16:39 +0000 https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover https://ift.tt/Oxljb9W XSS Fri, 20 Mar 2026 11:46:47 +0000 https://cybersecuritynews.com/russian-apt-exploits-zimbra-xss/ https://cybersecuritynews.com/russian-apt-exploits-zimbra-xss/ Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ https://ift.tt/XoOLnMt XSS Fri, 20 Mar 2026 06:11:20 +0000 https://securityaffairs.com/189673/security/russian-apt-targets-ukraine-via-zimbra-xss-flaw-cve-2025-66376.html https://securityaffairs.com/189673/security/russian-apt-targets-ukraine-via-zimbra-xss-flaw-cve-2025-66376.html Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 https://ift.tt/fiP24sx XSS Thu, 19 Mar 2026 15:56:30 +0000 https://www.securityweek.com/russian-apt-exploits-zimbra-vulnerability-against-ukraine/ https://www.securityweek.com/russian-apt-exploits-zimbra-vulnerability-against-ukraine/ Russian APT Exploits Zimbra Vulnerability Against Ukraine https://ift.tt/MVsWfZC XSS Thu, 19 Mar 2026 13:51:12 +0000 https://securityboulevard.com/2026/03/when-httponly-isnt-enough-chaining-xss-and-ghostscript-for-full-rce-compromise/ https://securityboulevard.com/2026/03/when-httponly-isnt-enough-chaining-xss-and-ghostscript-for-full-rce-compromise/ When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise https://ift.tt/aCJHUB2 XSS Wed, 18 Mar 2026 21:06:40 +0000 https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/ https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/ CISA orders feds to patch Zimbra XSS flaw exploited in attacks https://ift.tt/AV9sfJM XSS Wed, 18 Mar 2026 20:06:12 +0000 https://www.travelandtourworld.com/news/article/colwen-hotels-and-xss-hotels-complete-the-framingham-hotel-collection-featuring-three-unique-hotels-revamped-public-spaces-and-new-culinary-experiences/ https://www.travelandtourworld.com/news/article/colwen-hotels-and-xss-hotels-complete-the-framingham-hotel-collection-featuring-three-unique-hotels-revamped-public-spaces-and-new-culinary-experiences/ Colwen Hotels and XSS Hotels Complete The Framingham Hotel Collection, Featuring Three Unique Hotels, Revamped Public Spaces and New Culinary Experiences - Travel And Tour World https://ift.tt/eJz6Z0L XSS Tue, 17 Mar 2026 17:36:49 +0000 https://cybersecuritynews.com/angular-xss-vulnerability-xss-attacks/ https://cybersecuritynews.com/angular-xss-vulnerability-xss-attacks/ Angular XSS Vulnerability Exposes Thousands of web Applications to XSS Attacks https://ift.tt/FtpE0RI XSS Tue, 17 Mar 2026 15:38:14 +0000 https://cyberpress.org/angular-xss-vulnerability/ https://cyberpress.org/angular-xss-vulnerability/ Angular XSS Vulnerability Puts Thousands of Web Apps at Risk https://cyberpress.org/angular-xss-vulnerability/ XSS Tue, 17 Mar 2026 12:05:50 +0000 https://gbhackers.com/angular-xss-vulnerability/ https://gbhackers.com/angular-xss-vulnerability/ Angular XSS Vulnerability Threatens Thousands of Web Applications https://ift.tt/CsxVb9J XSS Tue, 17 Mar 2026 10:46:26 +0000 https://www.aikido.dev/blog/storybooks-websockets-attack https://www.aikido.dev/blog/storybooks-websockets-attack Persistent XSS/RCE using WebSockets in Storybook’s dev server https://ift.tt/FpslaPW XSS Sat, 14 Mar 2026 10:31:31 +0000 https://www.forbes.com/sites/daveywinder/2026/03/11/critical-0-click-microsoft-excel-security-bug-lets-copilot-steal-data/ https://www.forbes.com/sites/daveywinder/2026/03/11/critical-0-click-microsoft-excel-security-bug-lets-copilot-steal-data/ Critical 0-Click Microsoft Excel Security Bug Lets Copilot Steal Data https://ift.tt/mTA2R1M XSS Thu, 12 Mar 2026 13:21:29 +0000 https://cybersecuritynews.com/gitlab-security-update-2/ https://cybersecuritynews.com/gitlab-security-update-2/ GitLab Security Update - Patch for XSS and API DoS Vulnerabilities https://ift.tt/WObhDLV XSS Thu, 12 Mar 2026 10:11:07 +0000 https://gbhackers.com/1-click-zitadel-vulnerability/ https://gbhackers.com/1-click-zitadel-vulnerability/ 1-Click ZITADEL Vulnerability Could Allow Full System Takeover https://ift.tt/j43WBuo XSS Mon, 09 Mar 2026 12:36:19 +0000 https://cybersecuritynews.com/xss-vulnerability-in-angular-i18n/ https://cybersecuritynews.com/xss-vulnerability-in-angular-i18n/ Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution https://ift.tt/MaisAIy XSS Wed, 04 Mar 2026 11:01:56 +0000 https://www.igorslab.de/en/checkmk-and-cve-2025-64999-when-a-log-entry-becomes-a-gateway/ https://www.igorslab.de/en/checkmk-and-cve-2025-64999-when-a-log-entry-becomes-a-gateway/ Checkmk and CVE-2025-64999: When a log entry becomes a gateway https://ift.tt/7noF219 XSS Wed, 04 Mar 2026 05:16:33 +0000 https://cyberpress.org/severe-xss-vulnerability/ https://cyberpress.org/severe-xss-vulnerability/ Severe XSS Vulnerability in Angular i18n Enables Malicious Script Injection https://cyberpress.org/severe-xss-vulnerability/ XSS Tue, 03 Mar 2026 10:46:29 +0000 https://gbhackers.com/angular-i18n-flaw/ https://gbhackers.com/angular-i18n-flaw/ Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability https://ift.tt/Zxys3rh XSS Tue, 03 Mar 2026 07:41:41 +0000 https://www.theregister.com/2026/03/02/uk_gov_nips_public_sector/ https://www.theregister.com/2026/03/02/uk_gov_nips_public_sector/ UK govermnent's Vulnerability Monitoring System is working - fixes flow far faster https://ift.tt/razAec0 XSS Mon, 02 Mar 2026 03:41:31 +0000