1 |
Reflected xss in https://sh.reddit.com |
$5000.0 |
2 |
Reflected XSS on Pangle Endpoint |
$5000.0 |
3 |
SafeParamsHelper::safe_params is not so safe |
$4000.0 |
4 |
Reflected XSS online-store-git.shopifycloud.com |
$3500.0 |
5 |
Reflected XSS POST method at partners.uber.com |
$3000.0 |
6 |
Reflected XSS on TikTok Website |
$3000.0 |
7 |
Reflected XSS on multiple uberinternal.com domains |
$2000.0 |
8 |
Reflective Cross-site Scripting via Newsletter Form |
$2000.0 |
9 |
Reflected XSS in OAUTH2 login flow |
$1989.5 |
10 |
XSS while logging using Google |
$1750.0 |
11 |
Cross-site scripting on api.collabs.shopify.com |
$1600.0 |
12 |
Query parameter reordering causes redirect page to render unsafe URL |
$1500.0 |
13 |
Reflected XSS on $Any$.myshopify.com/admin |
$1500.0 |
14 |
Reflected XSS in *.myshopify.com/account/register |
$1500.0 |
15 |
CSP bypass on PortSwigger.net using Google script resources |
$1500.0 |
16 |
Reflected XSS on https://inventory.upserve.com/ (affects IE users only) |
$1200.0 |
17 |
XSS by clicking Jira's link |
$1130.0 |
18 |
Reflected XSS |
$1000.0 |
19 |
Reflected XSS on https://www.uber.com |
$1000.0 |
20 |
Reflected XSS on transact.playstation.com using postMessage from the opening window |
$1000.0 |
21 |
XSS on link and window.opener |
$1000.0 |
22 |
HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute |
$900.0 |
23 |
Mattermost Server OAuth Flow Cross-Site Scripting |
$900.0 |
24 |
Reflected XSS on secure.chaturbate.com |
$800.0 |
25 |
XSS @ store.steampowered.com via agecheck path name |
$750.0 |
26 |
[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] |
$750.0 |
27 |
XSS in www.shopify.com/markets?utm_source= |
$700.0 |
28 |
RXSS at image.hackerone.live via the url parameter |
$500.01 |
29 |
Reflected XSS via Double Encoding |
$500.0 |
30 |
Self-XSS in password reset functionality |
$500.0 |
31 |
Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/ |
$500.0 |
32 |
Timeline Editor Self-XSS (Previous Fix #738072 Incomplete) |
$500.0 |
33 |
Reflected XSS on www.hackerone.com and resources.hackerone.com |
$500.0 |
34 |
Reflected XSS on www.hackerone.com via Wistia embed code |
$500.0 |
35 |
Reflected XSS in /video |
$500.0 |
36 |
XSS reflected on [https://www.pixiv.net] |
$500.0 |
37 |
Reflected Xss On https://vk.com/search |
$500.0 |
38 |
XSS Reflected at https://sketch.pixiv.net/ Via next_url |
$500.0 |
39 |
Reflected XSS in the shared note view on https://evernote.com |
$500.0 |
40 |
Regression on dest parameter sanitization doesn't check scheme/websafe destinations |
$500.0 |
41 |
Reflected XSS on help.shopify.com |
$500.0 |
42 |
Reflected XSS in error pages (NC-SA-2017-008) |
$450.0 |
43 |
[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx |
$375.0 |
44 |
Reflected XSS in www.dota2.com |
$350.0 |
45 |
[chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter |
$350.0 |
46 |
Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers) |
$300.0 |
47 |
XSS in https://mackeeper.com |
$300.0 |
48 |
XSS in https://affiliates.kromtech.com |
$300.0 |
49 |
RXSS on /landings/123.1/index.php (mackeeperapp.mackeeper.com) |
$300.0 |
50 |
[https://app.recordedfuture.com] - Reflected XSS via username parameter |
$300.0 |
51 |
Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass) |
$300.0 |
52 |
Reflected XSS Vulnerability in www.lahitapiola.fi/cs/Satellite |
$250.0 |
53 |
Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite |
$250.0 |
54 |
[theacademy.upserve.com] Reflected XSS Query-String |
$250.0 |
55 |
[0.vk.com] Reflected XSS on the confirmation page. |
$200.0 |
56 |
XSS via X-Forwarded-Host header |
$200.0 |
57 |
Reflected XSS in OAuth complete endpoints |
$150.0 |
58 |
Zomato.com Reflected Cross Site Scripting |
$100.0 |
59 |
[Zomato's Blog] POST based XSS on https://www.zomato.com/blog/wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=8.2 |
$100.0 |
60 |
Reflected XSS on developers.zomato.com |
$100.0 |
61 |
Reflected XSS when renaming a file with a vulnerable name which results in an error |
$100.0 |
62 |
fix(cmd-socketio-server): mitigate cross site scripting attack #2068 |
$100.0 |
63 |
XSS on about:tbupdate |
$100.0 |
64 |
Reflected XSS on https://travel.line.me |
$100.0 |
65 |
RXSS on thankyou.pixels.php (yapi.mackeeper.com) |
$75.0 |
66 |
Reflected XSS (mackeeperapp2.mackeeper.com) |
$75.0 |
67 |
RXSS on unsubscribe feature (affiliates.kromtech.com) |
$75.0 |
68 |
RXSS on landings/land/3/ron_clean_17_app3_alerts/index.php (mackeeperapp3.mackeeper.com) |
$75.0 |
69 |
Reflected XSS on stage.mackeeper.com |
$60.0 |
70 |
Reflected xss on mackeeper.com |
$50.0 |
71 |
Reflected xss |
$50.0 |
72 |
Multiple Links Vulnerable to Reflected xss |
$50.0 |
73 |
Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/ |
$50.0 |
74 |
Cross Site Scripting (Reflected) on https://www.acronis.cz/ |
$50.0 |
75 |
Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/ |
$50.0 |
76 |
Stored passive XSS at scheduled posts (kitcrm.com) |
$0.0 |
77 |
[Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME |
$0.0 |
78 |
XSS |
$0.0 |
79 |
XSS |
$0.0 |
80 |
XSS in the search bar of mercantile.wordpress.org |
$0.0 |
81 |
Cross-site Scripting (XSS) on [maximum.nl] |
$0.0 |
82 |
Reflected XSS in .myshopify.com through theme preview |
$0.0 |
83 |
Reflected XSS in a DoD Website |
$0.0 |
84 |
Reflected XSS vulnerability on a DoD website |
$0.0 |
85 |
Reflected XSS in Zomato Mobile - category parameter |
$0.0 |
86 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
87 |
XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js |
$0.0 |
88 |
Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter |
$0.0 |
89 |
Reflected XSS on a DoD website |
$0.0 |
90 |
dom based xss in https://www.rockstargames.com/GTAOnline/ |
$0.0 |
91 |
XSS Vulnerability in WooCommerce Product Vendors plugin |
$0.0 |
92 |
XSS on http://irc.parrotsec.org |
$0.0 |
93 |
Reflected XSS - gratipay.com |
$0.0 |
94 |
The Custom Emoji Page has a Reflected XSS |
$0.0 |
95 |
[mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection |
$0.0 |
96 |
XSS in a group invitation |
$0.0 |
97 |
XSS when Shared |
$0.0 |
98 |
[marketplace.informatica.com]-Reflected XSS |
$0.0 |
99 |
Unauthenticated Reflected XSS in admin dashboard |
$0.0 |
100 |
SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
101 |
SSL-protected Reflected XSS in m.uber.com |
$0.0 |
102 |
SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
103 |
udi-id Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
104 |
lite:sess Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
105 |
muber-id Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
106 |
Reflected XSS using Header Injection |
$0.0 |
107 |
Reflected XSS vulnerability in Database name field on installation screen |
$0.0 |
108 |
[redis-commander] Reflected SWF XSS via vulnerable "clipboard.swf" component |
$0.0 |
109 |
Reflected Cross-site Scripting Vulnerability via JSON Error Message |
$0.0 |
110 |
MediaElements XSS |
$0.0 |
111 |
Reflected XSS in admin settings |
$0.0 |
112 |
Reflected XSS+CSRF on secure.lahitapiola.fi |
$0.0 |
113 |
[growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite |
$0.0 |
114 |
XSS through __e2e_action_id delivered by JSONP |
$0.0 |
115 |
Reflected XSS { support.mycrypto.com } |
$0.0 |
116 |
Reflected XSS on https://www.zomato.com |
$0.0 |
117 |
XSS *.myshopify.com/collections/vendors?q= |
$0.0 |
118 |
[bracket-template] Reflected XSS possible when variable passed via GET parameter is used in template |
$0.0 |
119 |
Reflected XSS on bbe_open_htmleditor_popup.php of BBE Theme via "value"-GET-parameter |
$0.0 |
120 |
Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi |
$0.0 |
121 |
XSS in "explore-keywords-dropdown" results. |
$0.0 |
122 |
Reflected XSS in /al_audio.php |
$0.0 |
123 |
Authenticated reflected XSS on liberapay.com via the back_to parameter when leaving a team. |
$0.0 |
124 |
XSS on redirection page( Bypassed) |
$0.0 |
125 |
Reflected XSS (myynti.lahitapiolarahoitus.fi) |
$0.0 |
126 |
XSS on support.wordcamp.org in ajax-quote.php |
$0.0 |
127 |
xss - reflected |
$0.0 |
128 |
Post Based XSS On Upload Via CK Editor [semrush.com] |
$0.0 |
129 |
[mercantile.wordpress.org] Reflected XSS |
$0.0 |
130 |
XSS in buying and selling pages, can create spoofed content (false login message) |
$0.0 |
131 |
Reflected XSS on ssl-ccstatic.highwebmedia.com via player.swf |
$0.0 |
132 |
Reflective XSS at olx.ph |
$0.0 |
133 |
Reflected XSS |
$0.0 |
134 |
Reflected xss on theacademy.upserve.com |
$0.0 |
135 |
Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS |
$0.0 |
136 |
Reflected Cross-Site Scripting in Serendipity (serendipity.SetCookie) |
$0.0 |
137 |
Reflected xss in Serendipity's /index.php |
$0.0 |
138 |
Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter |
$0.0 |
139 |
reflected XSS avito.ru |
$0.0 |
140 |
XSS Reflected at SEARCH >> |
$0.0 |
141 |
Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript |
$0.0 |
142 |
Reflected XSS in lert.uber.com |
$0.0 |
143 |
Reflected Xss bypass Content-Type: text/plain |
$0.0 |
144 |
Reflected XSS on help.steampowered.com |
$0.0 |
145 |
[auth2.zomato.com] Reflected XSS at oauth2/fallbacks/error | ORY Hydra an OAuth 2.0 and OpenID Connect Provider |
$0.0 |
146 |
Reflected XSS in the npm module express-cart. |
$0.0 |
147 |
XSS - main page - search[user_id] parameter |
$0.0 |
148 |
Reflected Cross site Scripting (XSS) on www.starbucks.com |
$0.0 |
149 |
Web Cache Deception Attack (XSS) |
$0.0 |
150 |
XSS inside HTML Link Tag |
$0.0 |
151 |
Reflected Cross Site Scripting (XSS) |
$0.0 |
152 |
Blind XSS via Suspended Ticket Recovery |
$0.0 |
153 |
Reflected XSS in https://www.starbucks.co.jp/store/search/ |
$0.0 |
154 |
Reflected XSS |
$0.0 |
155 |
XSS Reflected on my_report |
$0.0 |
156 |
Reflected XSS on https://make.wordpress.org via 'channel' parameter |
$0.0 |
157 |
Reflected XSS on https://merchant.kartpay.com/payment_settings [status] |
$0.0 |
158 |
Reflected XSS: Taxonomy Converter via tax parameter |
$0.0 |
159 |
Reflected XSS / Markup Injection in index.php/svg/core/logo/logo parameter color |
$0.0 |
160 |
CSRF leads to a stored self xss |
$0.0 |
161 |
Xss on community.imgur.com |
$0.0 |
162 |
Reflected XSS in www.olx.co.id |
$0.0 |
163 |
Reflected XSS on https://www.olx.co.id/iklan/*.html via "ad_type" parameter |
$0.0 |
164 |
Reflected cross-site scripting on multiple Starbucks assets. |
$0.0 |
165 |
A reflected XSS in python/Lib/DocXMLRPCServer.py |
$0.0 |
166 |
Reflected XSS on m.olx.co.id via ad_type parameter |
$0.0 |
167 |
Reflected XSS on www.olx.co.id via ad_type parameter |
$0.0 |
168 |
Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters |
$0.0 |
169 |
Corda Server XSS ████████ |
$0.0 |
170 |
[███████] Reflected GET XSS (/mission.php?...&missionDate=*) |
$0.0 |
171 |
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action |
$0.0 |
172 |
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action |
$0.0 |
173 |
Unauthenticated reflected XSS in preview_as_user function |
$0.0 |
174 |
Reflected XSS |
$0.0 |
175 |
The URL in "Choose a data source'' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS. |
$0.0 |
176 |
Reflected XSS in pubg.com |
$0.0 |
177 |
Reflected XSS in https://lite.pubg.com |
$0.0 |
178 |
CSS injection in avito.ru via IE11 |
$0.0 |
179 |
Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter |
$0.0 |
180 |
Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter |
$0.0 |
181 |
stripo.email reflected xss |
$0.0 |
182 |
RXSS to Stored XSS - forums.pubg.com | URL parameter |
$0.0 |
183 |
Reflected + Stored XSS - https://discussion.evernote.com |
$0.0 |
184 |
Reflected XSS on www/delivery/afr.php |
$0.0 |
185 |
xss in /users/[id]/set_tier endpoint |
$0.0 |
186 |
WAF bypass via double encoded non standard ASCII chars permitted a reflected XSS on response page not found pages - (629745 bypass) |
$0.0 |
187 |
Reflected xss on 8x8.com subdomain |
$0.0 |
188 |
Html Injection and Possible XSS in main nordvpn.com domain |
$0.0 |
189 |
Reflected XSS in twitterflightschool.com |
$0.0 |
190 |
Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com |
$0.0 |
191 |
[Reflected XSS] In Request URL |
$0.0 |
192 |
Reflected XSS in https://blocked.myndr.net |
$0.0 |
193 |
Reflected XSS through multiple inputs in the issue collector on Jira |
$0.0 |
194 |
RXSS in http://procurement-businesscatalog.informatica.com |
$0.0 |
195 |
Content Injection on api.semrush.com to Reflected XSS |
$0.0 |
196 |
Reflected XSS on https://www.semrush.com/my_reports/externalSource/callback/googleAccountsGMB |
$0.0 |
197 |
Reflected XSS via XML Namespace URI on https://go.mapbox.com/index.php/soap/ |
$0.0 |
198 |
Post Based Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
199 |
Reflected XSS on error page on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
200 |
Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
201 |
Reflected XSS on https://apps.topcoder.com/wiki/pages/createpage.action |
$0.0 |
202 |
Reflected XSS on https://apps.topcoder.com/wiki/ |
$0.0 |
203 |
Reflected XSS on https://apps.topcoder.com/wiki/page/ |
$0.0 |
204 |
Reflected cross-site scripting vulnerability on a DoD website |
$0.0 |
205 |
Improper Neutralization of Input During Web Page Generation |
$0.0 |
206 |
[████████] — XSS on /███████_flight/images via advanced_val parameter |
$0.0 |
207 |
MK Site Cross-Site Scripting (XSS) in script context |
$0.0 |
208 |
Reflected XSS at https://www.paypal.com/ppcreditapply/da/us |
$0.0 |
209 |
Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ |
$0.0 |
210 |
Unauthenticated Reflected Cross-Site Scripting on https://account.mackeeper.com/signin page |
$0.0 |
211 |
Reflected XSS |
$0.0 |
212 |
XSS Reflected |
$0.0 |
213 |
Self XSS combine CSRF at https://████████/index.php |
$0.0 |
214 |
Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 |
$0.0 |
215 |
Xss (cross site scripting) on http://axa.dxi.eu/ |
$0.0 |
216 |
Reflected XSS on http://axa.dxi.eu |
$0.0 |
217 |
XSS (Cross site scripting) on https://apimgr.8x8.com |
$0.0 |
218 |
Reflected XSS and HTML Injection on a DoD website |
$0.0 |
219 |
rxss at https://mackeeper.com page not found via rid parameter |
$0.0 |
220 |
Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486) |
$0.0 |
221 |
Reflected DOM XSS on www.starbucks.co.uk |
$0.0 |
222 |
DOM XSS on duckduckgo.com search |
$0.0 |
223 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
224 |
[tumblr.com] 69< Firefox Only XSS Reflected |
$0.0 |
225 |
Reflected XSS on https://███████/ |
$0.0 |
226 |
Reflected XSS in ".mendix.com/openid/" |
$0.0 |
227 |
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters |
$0.0 |
228 |
Reflected XSS on ███████ |
$0.0 |
229 |
Reflected-XSS on https://www.topcoder.com/tc via pt parameter |
$0.0 |
230 |
Reflected Xss |
$0.0 |
231 |
Reflected xss on 8x8.vc |
$0.0 |
232 |
[m-server] XSS reflected because path does not escapeHtml |
$0.0 |
233 |
Cross Site Scripting (XSS) – Reflected |
$0.0 |
234 |
Reflected XSS in https://www.█████/ |
$0.0 |
235 |
Reflected XSS in https://www.██████/ |
$0.0 |
236 |
XSS via referrer parameter |
$0.0 |
237 |
Reflected XSS in https://███████ via search parameter |
$0.0 |
238 |
XSS Reflected in m.vk.com |
$0.0 |
239 |
Reflected XSS on an Atavist theme at external_import.php |
$0.0 |
240 |
Reflected XSS at /category/ on an Atavist theme |
$0.0 |
241 |
Reflected XSS on an Atavist theme |
$0.0 |
242 |
Cross-Site-Scripting on www.tiktok.com and m.tiktok.com leading to Data Exfiltration |
$0.0 |
243 |
XSS Reflect to POST █████ |
$0.0 |
244 |
Reflected XSS on https://████/ (Bypass of #1002977) |
$0.0 |
245 |
Download full backup and Cross site scripting |
$0.0 |
246 |
Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter |
$0.0 |
247 |
Probably unexploitable XSS via Header Injection |
$0.0 |
248 |
Multiple Cross-Site Scripting vulnerability via the language parameter |
$0.0 |
249 |
Reflected XSS via IE |
$0.0 |
250 |
Cross Site Scripting using Email parameter in Ads endpoint 1 |
$0.0 |
251 |
Cross Site Scripting using Email parameter in Ads endpoint 2 |
$0.0 |
252 |
POST based RXSS on https://█████ via frm_email parameter |
$0.0 |
253 |
[intensedebate.com] XSS Reflected POST-Based |
$0.0 |
254 |
Reflected XSS on /www/delivery/afr.php (bypass of report #775693) |
$0.0 |
255 |
[intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id} |
$0.0 |
256 |
Reflected XSS on https://█████████html?url |
$0.0 |
257 |
Reflected XSS www.█████ search form |
$0.0 |
258 |
Reflected XSS on /admin/userlog-index.php |
$0.0 |
259 |
Reflected XSS on /admin/stats.php |
$0.0 |
260 |
Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php |
$0.0 |
261 |
Reflected XSS on https://█████████/ |
$0.0 |
262 |
XSS on kubernetes-csi.github.io (mdBook) |
$0.0 |
263 |
Reflected XSS In https://███████ |
$0.0 |
264 |
Reflect XSS and CSP Bypass on https://www.paypal.com/businesswallet/currencyConverter/ |
$0.0 |
265 |
Stealing app credentials by reflected xss on Lark Suite |
$0.0 |
266 |
HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] |
$0.0 |
267 |
RXSS - https://███/ |
$0.0 |
268 |
Reflected XSS on https://█████ |
$0.0 |
269 |
reflected xss @ www.█████████ |
$0.0 |
270 |
Reflected XSS on /admin/campaign-zone-zones.php |
$0.0 |
271 |
Reflected XSS on /admin/stats.php |
$0.0 |
272 |
Self XSS + CSRF Leads to Reflected XSS in https://████/ |
$0.0 |
273 |
Reflected XSS at https://████████/███/... |
$0.0 |
274 |
Reflected XSS and possible SSRF/XXE on https://events.hackerone.com/conferences/get_recording_slides_xml.xml?url=myserver/xss.xml |
$0.0 |
275 |
Reflected XSS on ███ |
$0.0 |
276 |
Reflected XSS in https://██████████ via "████████" parameter |
$0.0 |
277 |
Reflected XSS on ███████ |
$0.0 |
278 |
Reflected XSS on █████████ |
$0.0 |
279 |
Reflected/Stored XSS on duckduckgo.com |
$0.0 |
280 |
Reflected XSS on http://www.grouplogic.com/files/glidownload/verify.asp |
$0.0 |
281 |
Reflected XSS on www.grouplogic.com/video.asp |
$0.0 |
282 |
Flash Based Reflected XSS on www.grouplogic.com/jwplayer/player.swf |
$0.0 |
283 |
[XSS] Reflected XSS via POST request in (editJobAlert.htm) file |
$0.0 |
284 |
Reflected XSS at https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true |
$0.0 |
285 |
Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter |
$0.0 |
286 |
Reflected XSS at https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm via filter.jobTitleFTS parameter |
$0.0 |
287 |
Reflected XSS at https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true via PATH |
$0.0 |
288 |
DOM Based XSS on https://████ via backURL param |
$0.0 |
289 |
XSS via X-Forwarded-Host header |
$0.0 |
290 |
Moodle XSS on evolve.glovoapp.com |
$0.0 |
291 |
Cross site scripting |
$0.0 |
292 |
Reflected XSS on mtnhottseat.mtn.com.gh |
$0.0 |
293 |
Reflected XSS on /admin/stats.php |
$0.0 |
294 |
Reflected XSS on https://██████ |
$0.0 |
295 |
Reflected XSS through clickjacking at https://████ |
$0.0 |
296 |
Reflected XSS at www.███████ at /██████████ via the ████████ parameter |
$0.0 |
297 |
Reflected XSS |
$0.0 |
298 |
Reflected XSS through ClickJacking |
$0.0 |
299 |
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress |
$0.0 |
300 |
rXSS on https://mackeeperapp.mackeeper.com/landings/download-blue/ |
$0.0 |
301 |
[█████████] Reflected Cross-Site Scripting Vulnerability |
$0.0 |
302 |
[www.███] Reflected Cross-Site Scripting |
$0.0 |
303 |
CSRF Based XSS @ https://██████████ |
$0.0 |
304 |
Reflected XSS at [████████] |
$0.0 |
305 |
Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF |
$0.0 |
306 |
Reflected XSS in https://www.topcoder.com/blog/category/community-stories/ |
$0.0 |
307 |
Stored-XSS in merge requests |
$0.0 |
308 |
Cross site scripting |
$0.0 |
309 |
xss reflected on https://███████- (███ parameters) |
$0.0 |
310 |
xss on https://███████(█████████ parameter) |
$0.0 |
311 |
XSS Reflected on https://███ (███ parameter) |
$0.0 |
312 |
Reflected XSS - https://███ |
$0.0 |
313 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
314 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
315 |
Reflected XSS on play.mtn.co.za |
$0.0 |
316 |
Reflected XSS on delivery.glovoapp.com |
$0.0 |
317 |
Reflected XSS on https://www.glassdoor.com/job-listing/spotlight |
$0.0 |
318 |
XSS due to CVE-2020-3580 [███.mil] |
$0.0 |
319 |
XSS on ███ |
$0.0 |
320 |
XSS due to CVE-2020-3580 [██████] |
$0.0 |
321 |
XSS due to CVE-2020-3580 [███] |
$0.0 |
322 |
Reflected Cross-Site scripting in : mtn.bj |
$0.0 |
323 |
███████ - XSS - CVE-2020-3580 |
$0.0 |
324 |
3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290) |
$0.0 |
325 |
XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi |
$0.0 |
326 |
POST based RXSS on https://███████/ via ███ parameter |
$0.0 |
327 |
RXSS - ████ |
$0.0 |
328 |
RXSS - https://████████/ |
$0.0 |
329 |
RXSS Via URI Path - https://██████████/ |
$0.0 |
330 |
Reflected Xss https://██████/ |
$0.0 |
331 |
Reflected XSS in TikTok endpoints |
$0.0 |
332 |
XSS on tiktok.com |
$0.0 |
333 |
Reflected XSS at ████ via ██████████= parameter |
$0.0 |
334 |
Reflected xss in m.vk.com/chatjoin |
$0.0 |
335 |
Reflected XSS on av.ru via q parameter at https://av.ru/collections/* |
$0.0 |
336 |
Reflected xss in m.vk.com/chatjoin |
$0.0 |
337 |
Reflected XSS in photogallery component on [https://market.av.ru] |
$0.0 |
338 |
reflected xss on the path m.tiktok.com |
$0.0 |
339 |
RXSS - http://macademy.mtnonline.com |
$0.0 |
340 |
Reflected Cross-Site Scripting/HTML Injection |
$0.0 |
341 |
Rxss on █████████ via logout?service=javascript:alert(1) |
$0.0 |
342 |
Reflected XSS at dailydeals.mtn.co.za |
$0.0 |
343 |
Reflected XSS on dailydeals.mtn.co.za |
$0.0 |
344 |
Reflected xss and open redirect on larksuite.com using /?back_uri= parameter. |
$0.0 |
345 |
XSS Reflected - ██████████ |
$0.0 |
346 |
Reflected XSS in https://███████ via hidden parameter "████████" |
$0.0 |
347 |
Reflected XSS on https://███/████via hidden parameter "█████████" |
$0.0 |
348 |
xss reflected on imgur.com |
$0.0 |
349 |
Reflected xss on ads.tiktok.com using from parameter. |
$0.0 |
350 |
RXSS ON https://██████████ |
$0.0 |
351 |
Reflected XSS at https://██████/██████████ via "████████" parameter |
$0.0 |
352 |
Reflected XSS at https://██████/██████ via "██████" parameter |
$0.0 |
353 |
Reflected XSS at https://██████████/████████ via "███████" parameter |
$0.0 |
354 |
Reflected XSS at https://█████ via "██████████" parameter |
$0.0 |
355 |
Reflected XSS at https://█████████ via "███" parameter |
$0.0 |
356 |
RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter |
$0.0 |
357 |
XSS because of Akamai ARL misconfiguration on ████ |
$0.0 |
358 |
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ |
$0.0 |
359 |
Reflected XSS - in Email Input |
$0.0 |
360 |
RXSS |
$0.0 |
361 |
XSS Reflected - ███ |
$0.0 |
362 |
Open Akamai ARL XSS at ████████ |
$0.0 |
363 |
XSS on https://████/ via ███████ parameter |
$0.0 |
364 |
XSS on https://██████/███ via █████ parameter |
$0.0 |
365 |
XSS on https://███████/██████████ parameter |
$0.0 |
366 |
XSS on https://████████/████' parameter |
$0.0 |
367 |
Cross-site Scripting (XSS) - Reflected at https://██████████/ |
$0.0 |
368 |
[www.█████] Path-based reflected Cross Site Scripting |
$0.0 |
369 |
Reflected XSS on [█████████] |
$0.0 |
370 |
xss on [developers.mtn.com] |
$0.0 |
371 |
Reflected XSS [███] |
$0.0 |
372 |
Reflected XSS [██████] |
$0.0 |
373 |
Reflected XSS due to vulnerable version of sockjs |
$0.0 |
374 |
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters |
$0.0 |
375 |
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload} |
$0.0 |
376 |
XSS and iframe injection on tiktok ads portal using redirect params |
$0.0 |
377 |
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory |
$0.0 |
378 |
Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage |
$0.0 |
379 |
Reflected XSS on https://www.glassdoor.com/parts/header.htm |
$0.0 |
380 |
RXSS on █████████ |
$0.0 |
381 |
Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass] |
$0.0 |
382 |
Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm |
$0.0 |
383 |
Reflected XSS via ████████ parameter |
$0.0 |
384 |
Reflected XSS on https://wwwapps.ups.com/ctc/request?loc= |
$0.0 |
385 |
POST BASED REFLECTED XSS IN dailydeals.mtn.co.za |
$0.0 |
386 |
[doc.rt.informaticacloud.com] Reflected XSS via Stack Trace |
$0.0 |
387 |
Cross Site Scripting Vulnerability (XSS) |
$0.0 |
388 |
cross site scripting in : mtn.bj |
$0.0 |
389 |
Reflected XSS on ███ via jobid parameter |
$0.0 |
390 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
391 |
RXSS on ███████ |
$0.0 |
392 |
RXSS on █████████ |
$0.0 |
393 |
Reflected cross site scripting in https://███████ |
$0.0 |
394 |
XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution |
$0.0 |
395 |
Reflected XSS [██████] |
$0.0 |
396 |
Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain |
$0.0 |
397 |
XSS DUE TO CVE-2022-38463 in https://████████ |
$0.0 |
398 |
XSS in www.glassdoor.com |
$0.0 |
399 |
Reflected xss on videostore.mtnonline.com |
$0.0 |
400 |
XSS Reflected on reddit.com via url path |
$0.0 |
401 |
XSS seems to work again after change to linkpop at https://linkpop.com/testnaglinagli |
$0.0 |
402 |
Self XSS in https://linkpop.com/dashboard/admin |
$0.0 |
403 |
Reflected Cross site scripting via Swagger UI |
$0.0 |
404 |
Jolokia Reflected XSS |
$0.0 |
405 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
406 |
Reflected XSS | https://████████ |
$0.0 |
407 |
Reflected XSS | https://████ |
$0.0 |
408 |
Reflected XSS in chatbot |
$0.0 |
409 |
Reflected XSS |
$0.0 |
410 |
XSS at TikTok Ads Endpoint |
$0.0 |
411 |
XSS on ( █████████.gov ) Via URL path |
$0.0 |
412 |
reflected xss in www.████████.gov |
$0.0 |
413 |
Reflected XSS on ██████.mil |
$0.0 |
414 |
Reflected XSS at ████████ |
$0.0 |
415 |
[XSS] Reflected XSS via POST request |
$0.0 |
416 |
RXSS on https://travel.state.gov/content/travel/en/search.html |
$0.0 |
417 |
Reflected XSS in ██████████ |
$0.0 |
418 |
Reflected XSS in ██████████ |
$0.0 |
419 |
Reflected XSS in ██████ |
$0.0 |
420 |
Reflected XSS in ████████████ |
$0.0 |
421 |
reflected XSS in [www.equifax.com] |
$0.0 |
422 |
reflected XSS in [www.equifax.com] |
$0.0 |
423 |
Moodle XSS on s-immerscio.comprehend.ibm.com |
$0.0 |
424 |
Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle |
$0.0 |
425 |
XSS in ServiceNow logout https://████:443 |
$0.0 |
426 |
Reflected XSS via File Upload |
$0.0 |
427 |
CVE-2020-11022 |
$0.0 |
428 |
Reflected xss on https://█████████ |
$0.0 |
429 |
Reflected Cross-site Scripting (XSS) at https://www.tiktok.com/ |
$0.0 |
430 |
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman |
$0.0 |
431 |
XSS via Vuln Rendertron Instance At ██████████.jetblue.com/render/* |
$0.0 |
432 |
Reflected Cross-Site Scripting(CVE-2022-32770 ) |
$0.0 |
433 |
xss(r) vcc-na11.8x8.com |
$0.0 |
434 |
Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability. |
$0.0 |
435 |
Notes attachments render HTML in preview mode |
$0.0 |
436 |
CRLF to XSS & Open Redirection |
$0.0 |
437 |
Bypass of #2035332 RXSS at image.hackerone.live via the url parameter |
$0.0 |
438 |
XSS Reflected |
$0.0 |
439 |
CVE-2023-24488 xss on https://██████/ |
$0.0 |
440 |
xss reflected - pq.tva.com |
$0.0 |
441 |
[██████] Reflected XSS via Keycloak on ██████ |
$0.0 |
442 |
Reflected XSS at https://██████/ |
$0.0 |
443 |
Reflected XSS in OAUTH2 login flow (https://access.line.me) |
$0.0 |
444 |
xss reflected - pqm.tva.com |
$0.0 |
445 |
reflected xss in https://wordpress.com/start/account/user |
$0.0 |
446 |
[████████] RXSS via "CurrentFolder" parameter |
$0.0 |
447 |
RXSS via region parameter |
$0.0 |
448 |
RXSS on TikTok endpoints |
$0.0 |
449 |
Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd] |
$0.0 |
450 |
XSS on terra-6.indriverapp.com |
$0.0 |
451 |
XSS in Subdomain of DuckDuckGo |
$0.0 |
452 |
XSS Reflected on jazz.net |
$0.0 |
453 |
XSS in new.loading.page.html |
$0.0 |
454 |
Reflective Cross Site Scripting (XSS) on ███████/Pages |
$0.0 |
455 |
XSS parameter: Username - █████████ |
$0.0 |
456 |
Xss Parameter: //[*]/.css ████████ |
$0.0 |
457 |
Xss - ███ |
$0.0 |
458 |
#3 XSS on watchdocs.indriverapp.com |
$0.0 |
459 |
#2 XSS on watchdocs.indriverapp.com |
$0.0 |
460 |
#1 XSS on watchdocs.indriverapp.com |
$0.0 |
461 |
Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com |
$0.0 |
462 |
RXSS in hidden parameter |
$0.0 |
463 |
Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection.adobe.com |
$0.0 |
464 |
Reflected XSS via Moodle on ███ [CVE-2022-35653] |
$0.0 |
465 |
Reflected XSS on error message on Login Page |
$0.0 |
466 |
Reflected Cross-site Scripting via search query on ██████ |
$0.0 |
467 |
reflected xss [CVE-2020-3580] |
$0.0 |
468 |
Reflected XSS via Keycloak on ███ [CVE-2021-20323] |
$0.0 |
469 |
Reflected xss on ████████ |
$0.0 |
470 |
Reflected XSS of media.indrive.com |
$0.0 |
471 |
XSS on LINE CAREERS |
$0.0 |
472 |
Open Akamai ARL XSS on http://media.████████ |
$0.0 |
473 |
Open Akamai ARL XSS on http://master-config-████████ |
$0.0 |
474 |
Cross Site Scripting |
$0.0 |
475 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
476 |
Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580 |
$0.0 |
477 |
Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module |
$0.0 |
478 |
Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via callback parameter |
$0.0 |
479 |
Cross-site Scripting (XSS) - Reflected on https://api.mtn.sd/carbon/admin/login.jsp via msgId parameter - CVE-2020-17453 |
$0.0 |
480 |
CSRF and XSS on www.acronis.com |
$0.0 |
481 |
Reflected XSS on www.acronis.com/de-de/my/subscriptions/index.html |
$0.0 |
482 |
MetaMask Browser (on Android) does not enforce Content-Security-Policy header |
$0.0 |
483 |
XSS on ███████ |
$0.0 |
484 |
XSS found for https://█████████ |
$0.0 |
485 |
Reflected cross site scripting (XSS) attacks Reflected XSS attacks, |
$0.0 |
486 |
cross site scripting reflected |
$0.0 |
487 |
Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin= |
$0.0 |