| 1 |
Reflected xss in https://sh.reddit.com |
$5000.0 |
| 2 |
Reflected XSS on Pangle Endpoint |
$5000.0 |
| 3 |
SafeParamsHelper::safe_params is not so safe |
$4000.0 |
| 4 |
Reflected XSS online-store-git.shopifycloud.com |
$3500.0 |
| 5 |
Reflected XSS POST method at partners.uber.com |
$3000.0 |
| 6 |
Reflected XSS on TikTok Website |
$3000.0 |
| 7 |
Reflected XSS on multiple uberinternal.com domains |
$2000.0 |
| 8 |
Reflective Cross-site Scripting via Newsletter Form |
$2000.0 |
| 9 |
Reflected XSS in OAUTH2 login flow |
$1989.5 |
| 10 |
XSS while logging using Google |
$1750.0 |
| 11 |
Cross-site scripting on api.collabs.shopify.com |
$1600.0 |
| 12 |
Query parameter reordering causes redirect page to render unsafe URL |
$1500.0 |
| 13 |
Reflected XSS on $Any$.myshopify.com/admin |
$1500.0 |
| 14 |
Reflected XSS in *.myshopify.com/account/register |
$1500.0 |
| 15 |
CSP bypass on PortSwigger.net using Google script resources |
$1500.0 |
| 16 |
Reflected XSS on https://inventory.upserve.com/ (affects IE users only) |
$1200.0 |
| 17 |
XSS by clicking Jira's link |
$1130.0 |
| 18 |
Reflected XSS |
$1000.0 |
| 19 |
Reflected XSS on https://www.uber.com |
$1000.0 |
| 20 |
Reflected XSS on transact.playstation.com using postMessage from the opening window |
$1000.0 |
| 21 |
XSS on link and window.opener |
$1000.0 |
| 22 |
HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute |
$900.0 |
| 23 |
Mattermost Server OAuth Flow Cross-Site Scripting |
$900.0 |
| 24 |
Reflected XSS on secure.chaturbate.com |
$800.0 |
| 25 |
XSS @ store.steampowered.com via agecheck path name |
$750.0 |
| 26 |
[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] |
$750.0 |
| 27 |
XSS in www.shopify.com/markets?utm_source= |
$700.0 |
| 28 |
RXSS at image.hackerone.live via the url parameter |
$500.01 |
| 29 |
Reflected XSS via Double Encoding |
$500.0 |
| 30 |
Self-XSS in password reset functionality |
$500.0 |
| 31 |
Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/ |
$500.0 |
| 32 |
Timeline Editor Self-XSS (Previous Fix #738072 Incomplete) |
$500.0 |
| 33 |
Reflected XSS on www.hackerone.com and resources.hackerone.com |
$500.0 |
| 34 |
Reflected XSS on www.hackerone.com via Wistia embed code |
$500.0 |
| 35 |
Reflected XSS в /video |
$500.0 |
| 36 |
XSS reflected on [https://www.pixiv.net] |
$500.0 |
| 37 |
Reflected Xss On https://vk.com/search |
$500.0 |
| 38 |
XSS Reflected at https://sketch.pixiv.net/ Via next_url |
$500.0 |
| 39 |
Reflected XSS in the shared note view on https://evernote.com |
$500.0 |
| 40 |
Regression on dest parameter sanitization doesn't check scheme/websafe destinations |
$500.0 |
| 41 |
Reflected XSS on help.shopify.com |
$500.0 |
| 42 |
Reflected XSS in error pages (NC-SA-2017-008) |
$450.0 |
| 43 |
[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx |
$375.0 |
| 44 |
Reflected XSS in www.dota2.com |
$350.0 |
| 45 |
[chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter |
$350.0 |
| 46 |
Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers) |
$300.0 |
| 47 |
XSS in https://mackeeper.com |
$300.0 |
| 48 |
XSS in https://affiliates.kromtech.com |
$300.0 |
| 49 |
RXSS on /landings/123.1/index.php (mackeeperapp.mackeeper.com) |
$300.0 |
| 50 |
[https://app.recordedfuture.com] - Reflected XSS via username parameter |
$300.0 |
| 51 |
Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass) |
$300.0 |
| 52 |
Reflected XSS Vulnerability in www.lahitapiola.fi/cs/Satellite |
$250.0 |
| 53 |
Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite |
$250.0 |
| 54 |
[theacademy.upserve.com] Reflected XSS Query-String |
$250.0 |
| 55 |
[0.vk.com] Reflected XSS на странице подтверждения. |
$200.0 |
| 56 |
XSS via X-Forwarded-Host header |
$200.0 |
| 57 |
Reflected XSS in OAuth complete endpoints |
$150.0 |
| 58 |
Zomato.com Reflected Cross Site Scripting |
$100.0 |
| 59 |
[Zomato's Blog] POST based XSS on https://www.zomato.com/blog/wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=8.2 |
$100.0 |
| 60 |
Reflected XSS on developers.zomato.com |
$100.0 |
| 61 |
Reflected XSS when renaming a file with a vulnerable name which results in an error |
$100.0 |
| 62 |
fix(cmd-socketio-server): mitigate cross site scripting attack #2068 |
$100.0 |
| 63 |
XSS on about:tbupdate |
$100.0 |
| 64 |
Reflected XSS on https://travel.line.me |
$100.0 |
| 65 |
RXSS on thankyou.pixels.php (yapi.mackeeper.com) |
$75.0 |
| 66 |
Reflected XSS (mackeeperapp2.mackeeper.com) |
$75.0 |
| 67 |
RXSS on unsubscribe feature (affiliates.kromtech.com) |
$75.0 |
| 68 |
RXSS on landings/land/3/ron_clean_17_app3_alerts/index.php (mackeeperapp3.mackeeper.com) |
$75.0 |
| 69 |
Reflected XSS on stage.mackeeper.com |
$60.0 |
| 70 |
Reflected xss on mackeeper.com |
$50.0 |
| 71 |
Reflected xss |
$50.0 |
| 72 |
Multiple Links Vulnerable to Reflected xss |
$50.0 |
| 73 |
Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/ |
$50.0 |
| 74 |
Cross Site Scripting (Reflected) on https://www.acronis.cz/ |
$50.0 |
| 75 |
Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/ |
$50.0 |
| 76 |
Stored passive XSS at scheduled posts (kitcrm.com) |
$0.0 |
| 77 |
[Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME |
$0.0 |
| 78 |
XSS |
$0.0 |
| 79 |
XSS |
$0.0 |
| 80 |
XSS in the search bar of mercantile.wordpress.org |
$0.0 |
| 81 |
Cross-site Scripting (XSS) on [maximum.nl] |
$0.0 |
| 82 |
Reflected XSS in .myshopify.com through theme preview |
$0.0 |
| 83 |
Reflected XSS in a DoD Website |
$0.0 |
| 84 |
Reflected XSS vulnerability on a DoD website |
$0.0 |
| 85 |
Reflected XSS in Zomato Mobile - category parameter |
$0.0 |
| 86 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
| 87 |
XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js |
$0.0 |
| 88 |
Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter |
$0.0 |
| 89 |
Reflected XSS on a DoD website |
$0.0 |
| 90 |
dom based xss in https://www.rockstargames.com/GTAOnline/ |
$0.0 |
| 91 |
XSS Vulnerability in WooCommerce Product Vendors plugin |
$0.0 |
| 92 |
XSS on http://irc.parrotsec.org |
$0.0 |
| 93 |
Reflected XSS - gratipay.com |
$0.0 |
| 94 |
The Custom Emoji Page has a Reflected XSS |
$0.0 |
| 95 |
[mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection |
$0.0 |
| 96 |
XSS в приглашении в группу |
$0.0 |
| 97 |
XSS when Shared |
$0.0 |
| 98 |
[marketplace.informatica.com]-Reflected XSS |
$0.0 |
| 99 |
Unauthenticated Reflected XSS in admin dashboard |
$0.0 |
| 100 |
SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
| 101 |
SSL-protected Reflected XSS in m.uber.com |
$0.0 |
| 102 |
SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
| 103 |
udi-id Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
| 104 |
lite:sess Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
| 105 |
muber-id Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint |
$0.0 |
| 106 |
Reflected XSS using Header Injection |
$0.0 |
| 107 |
Reflected XSS vulnerability in Database name field on installation screen |
$0.0 |
| 108 |
[redis-commander] Reflected SWF XSS via vulnerable "clipboard.swf" component |
$0.0 |
| 109 |
Reflected Cross-site Scripting Vulnerability via JSON Error Message |
$0.0 |
| 110 |
MediaElements XSS |
$0.0 |
| 111 |
Reflected XSS in admin settings |
$0.0 |
| 112 |
Reflected XSS+CSRF on secure.lahitapiola.fi |
$0.0 |
| 113 |
[growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite |
$0.0 |
| 114 |
XSS through __e2e_action_id delivered by JSONP |
$0.0 |
| 115 |
Reflected XSS { support.mycrypto.com } |
$0.0 |
| 116 |
Reflected XSS on https://www.zomato.com |
$0.0 |
| 117 |
XSS *.myshopify.com/collections/vendors?q= |
$0.0 |
| 118 |
[bracket-template] Reflected XSS possible when variable passed via GET parameter is used in template |
$0.0 |
| 119 |
Reflected XSS on bbe_open_htmleditor_popup.php of BBE Theme via "value"-GET-parameter |
$0.0 |
| 120 |
Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi |
$0.0 |
| 121 |
XSS in "explore-keywords-dropdown" results. |
$0.0 |
| 122 |
Reflected XSS в /al_audio.php |
$0.0 |
| 123 |
Authenticated reflected XSS on liberapay.com via the back_to parameter when leaving a team. |
$0.0 |
| 124 |
XSS on redirection page( Bypassed) |
$0.0 |
| 125 |
Reflected XSS (myynti.lahitapiolarahoitus.fi) |
$0.0 |
| 126 |
XSS on support.wordcamp.org in ajax-quote.php |
$0.0 |
| 127 |
xss - reflected |
$0.0 |
| 128 |
Post Based XSS On Upload Via CK Editor [semrush.com] |
$0.0 |
| 129 |
[mercantile.wordpress.org] Reflected XSS |
$0.0 |
| 130 |
XSS in buying and selling pages, can created spoofed content (false login message) |
$0.0 |
| 131 |
Reflected XSS on ssl-ccstatic.highwebmedia.com via player.swf |
$0.0 |
| 132 |
Reflective XSS at olx.ph |
$0.0 |
| 133 |
Reflected XSS |
$0.0 |
| 134 |
Reflected xss on theacademy.upserve.com |
$0.0 |
| 135 |
Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS |
$0.0 |
| 136 |
Reflected Cross-Site Scripting in Serendipity (serendipity.SetCookie) |
$0.0 |
| 137 |
Reflected xss in Serendipity's /index.php |
$0.0 |
| 138 |
Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter |
$0.0 |
| 139 |
reflected XSS avito.ru |
$0.0 |
| 140 |
XSS Reflected at SEARCH >> |
$0.0 |
| 141 |
Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript |
$0.0 |
| 142 |
Reflected XSS in lert.uber.com |
$0.0 |
| 143 |
Reflected Xss bypass Content-Type: text/plain |
$0.0 |
| 144 |
Reflected XSS on help.steampowered.com |
$0.0 |
| 145 |
[auth2.zomato.com] Reflected XSS at oauth2/fallbacks/error | ORY Hydra an OAuth 2.0 and OpenID Connect Provider |
$0.0 |
| 146 |
Reflected XSS in the npm module express-cart. |
$0.0 |
| 147 |
XSS - main page - search[user_id] parameter |
$0.0 |
| 148 |
Reflected Cross site Scripting (XSS) on www.starbucks.com |
$0.0 |
| 149 |
Web Cache Deception Attack (XSS) |
$0.0 |
| 150 |
XSS inside HTML Link Tag |
$0.0 |
| 151 |
Reflected Cross Site Scripting (XSS) |
$0.0 |
| 152 |
Blind XSS via Suspended Ticket Recovery |
$0.0 |
| 153 |
Reflected XSS in https://www.starbucks.co.jp/store/search/ |
$0.0 |
| 154 |
Reflected XSS |
$0.0 |
| 155 |
XSS Reflected on my_report |
$0.0 |
| 156 |
Reflected XSS on https://make.wordpress.org via 'channel' parameter |
$0.0 |
| 157 |
Reflected XSS on https://merchant.kartpay.com/payment_settings [status] |
$0.0 |
| 158 |
Reflected XSS: Taxonomy Converter via tax parameter |
$0.0 |
| 159 |
Reflected XSS / Markup Injection in index.php/svg/core/logo/logo parameter color |
$0.0 |
| 160 |
CSRF leads to a stored self xss |
$0.0 |
| 161 |
Xss on community.imgur.com |
$0.0 |
| 162 |
Reflected XSS in www.olx.co.id |
$0.0 |
| 163 |
Reflected XSS on https://www.olx.co.id/iklan/*.html via "ad_type" parameter |
$0.0 |
| 164 |
Reflected cross-site scripting on multiple Starbucks assets. |
$0.0 |
| 165 |
A reflected XSS in python/Lib/DocXMLRPCServer.py |
$0.0 |
| 166 |
Reflected XSS on m.olx.co.id via ad_type parameter |
$0.0 |
| 167 |
Reflected XSS on www.olx.co.id via ad_type parameter |
$0.0 |
| 168 |
Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters |
$0.0 |
| 169 |
Corda Server XSS ████████ |
$0.0 |
| 170 |
[███████] Reflected GET XSS (/mission.php?...&missionDate=*) |
$0.0 |
| 171 |
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action |
$0.0 |
| 172 |
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action |
$0.0 |
| 173 |
Unauthenticated reflected XSS in preview_as_user function |
$0.0 |
| 174 |
Reflected XSS |
$0.0 |
| 175 |
The URL in "Choose a data source'' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS. |
$0.0 |
| 176 |
Reflected XSS in pubg.com |
$0.0 |
| 177 |
Reflected XSS in https://lite.pubg.com |
$0.0 |
| 178 |
CSS injection in avito.ru via IE11 |
$0.0 |
| 179 |
Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter |
$0.0 |
| 180 |
Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter |
$0.0 |
| 181 |
stripo.email reflected xss |
$0.0 |
| 182 |
RXSS to Stored XSS - forums.pubg.com | URL parameter |
$0.0 |
| 183 |
Reflected + Stored XSS - https://discussion.evernote.com |
$0.0 |
| 184 |
Reflected XSS on www/delivery/afr.php |
$0.0 |
| 185 |
xss in /users/[id]/set_tier endpoint |
$0.0 |
| 186 |
WAF bypass via double encoded non standard ASCII chars permitted a reflected XSS on response page not found pages - (629745 bypass) |
$0.0 |
| 187 |
Reflected xss on 8x8.com subdomain |
$0.0 |
| 188 |
Html Injection and Possible XSS in main nordvpn.com domain |
$0.0 |
| 189 |
Reflected XSS in twitterflightschool.com |
$0.0 |
| 190 |
Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com |
$0.0 |
| 191 |
[Reflected XSS] In Request URL |
$0.0 |
| 192 |
Reflected XSS in https://blocked.myndr.net |
$0.0 |
| 193 |
Reflected XSS through multiple inputs in the issue collector on Jira |
$0.0 |
| 194 |
RXSS in http://procurement-businesscatalog.informatica.com |
$0.0 |
| 195 |
Content Injection on api.semrush.com to Reflected XSS |
$0.0 |
| 196 |
Reflected XSS on https://www.semrush.com/my_reports/externalSource/callback/googleAccountsGMB |
$0.0 |
| 197 |
Reflected XSS via XML Namespace URI on https://go.mapbox.com/index.php/soap/ |
$0.0 |
| 198 |
Post Based Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
| 199 |
Reflected XSS on error page on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
| 200 |
Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
| 201 |
Reflected XSS on https://apps.topcoder.com/wiki/pages/createpage.action |
$0.0 |
| 202 |
Reflected XSS on https://apps.topcoder.com/wiki/ |
$0.0 |
| 203 |
Reflected XSS on https://apps.topcoder.com/wiki/page/ |
$0.0 |
| 204 |
Reflected cross-site scripting vulnerability on a DoD website |
$0.0 |
| 205 |
Improper Neutralization of Input During Web Page Generation |
$0.0 |
| 206 |
[████████] — XSS on /███████_flight/images via advanced_val parameter |
$0.0 |
| 207 |
MK Site Cross-Site Scripting (XSS) in script context |
$0.0 |
| 208 |
Reflected XSS at https://www.paypal.com/ppcreditapply/da/us |
$0.0 |
| 209 |
Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ |
$0.0 |
| 210 |
Unauthenticated Reflected Cross-Site Scripting on https://account.mackeeper.com/signin page |
$0.0 |
| 211 |
Reflected XSS |
$0.0 |
| 212 |
XSS Reflected |
$0.0 |
| 213 |
Self XSS combine CSRF at https://████████/index.php |
$0.0 |
| 214 |
Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 |
$0.0 |
| 215 |
Xss (cross site scripting) on http://axa.dxi.eu/ |
$0.0 |
| 216 |
Reflected XSS on http://axa.dxi.eu |
$0.0 |
| 217 |
XSS (Cross site scripting) on https://apimgr.8x8.com |
$0.0 |
| 218 |
Reflected XSS and HTML Injectionon a DoD website |
$0.0 |
| 219 |
rxss at https://mackeeper.com page not found via rid parameter |
$0.0 |
| 220 |
Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486) |
$0.0 |
| 221 |
Reflected DOM XSS on www.starbucks.co.uk |
$0.0 |
| 222 |
DOM XSS on duckduckgo.com search |
$0.0 |
| 223 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
| 224 |
[tumblr.com] 69< Firefox Only XSS Reflected |
$0.0 |
| 225 |
Reflected XSS on https://███████/ |
$0.0 |
| 226 |
Reflected XSS in ".mendix.com/openid/" |
$0.0 |
| 227 |
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters |
$0.0 |
| 228 |
Reflected XSS on ███████ |
$0.0 |
| 229 |
Reflected-XSS on https://www.topcoder.com/tc via pt parameter |
$0.0 |
| 230 |
Reflected Xss |
$0.0 |
| 231 |
Reflected xss on 8x8.vc |
$0.0 |
| 232 |
[m-server] XSS reflected because path does not escapeHtml |
$0.0 |
| 233 |
Cross Site Scripting (XSS) – Reflected |
$0.0 |
| 234 |
Reflected XSS in https://www.█████/ |
$0.0 |
| 235 |
Reflected XSS in https://www.██████/ |
$0.0 |
| 236 |
XSS via referrer parameter |
$0.0 |
| 237 |
Reflected XSS in https://███████ via search parameter |
$0.0 |
| 238 |
XSS Reflected in m.vk.com |
$0.0 |
| 239 |
Reflected XSS on a Atavist theme at external_import.php |
$0.0 |
| 240 |
Reflected XSS at /category/ on a Atavis theme |
$0.0 |
| 241 |
Reflected XSS on a Atavist theme |
$0.0 |
| 242 |
Cross-Site-Scripting on www.tiktok.com and m.tiktok.com leading to Data Exfiltration |
$0.0 |
| 243 |
XSS Reflect to POST █████ |
$0.0 |
| 244 |
Reflected XSS on https://████/ (Bypass of #1002977) |
$0.0 |
| 245 |
Download full backup and Cross site scripting |
$0.0 |
| 246 |
Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter |
$0.0 |
| 247 |
Probably unexploitable XSS via Header Injection |
$0.0 |
| 248 |
Multiple Cross-Site Scripting vulnerability via the language parameter |
$0.0 |
| 249 |
Reflected XSS via IE |
$0.0 |
| 250 |
Cross Site Scripting using Email parameter in Ads endpoint 1 |
$0.0 |
| 251 |
Cross Site Scripting using Email parameter in Ads endpoint 2 |
$0.0 |
| 252 |
POST based RXSS on https://█████ via frm_email parameter |
$0.0 |
| 253 |
[intensedebate.com] XSS Reflected POST-Based |
$0.0 |
| 254 |
Reflected XSS on /www/delivery/afr.php (bypass of report #775693) |
$0.0 |
| 255 |
[intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id} |
$0.0 |
| 256 |
Reflected XSS on https://█████████html?url |
$0.0 |
| 257 |
Reflected XSS www.█████ search form |
$0.0 |
| 258 |
Reflected XSS on /admin/userlog-index.php |
$0.0 |
| 259 |
Reflected XSS on /admin/stats.php |
$0.0 |
| 260 |
Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php |
$0.0 |
| 261 |
Reflected XSS on https://█████████/ |
$0.0 |
| 262 |
XSS on kubernetes-csi.github.io (mdBook) |
$0.0 |
| 263 |
Reflected XSS In https://███████ |
$0.0 |
| 264 |
Reflect XSS and CSP Bypass on https://www.paypal.com/businesswallet/currencyConverter/ |
$0.0 |
| 265 |
Stealing app credentials by reflected xss on Lark Suite |
$0.0 |
| 266 |
HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] |
$0.0 |
| 267 |
RXSS - https://███/ |
$0.0 |
| 268 |
Reflected XSS on https://█████ |
$0.0 |
| 269 |
reflected xss @ www.█████████ |
$0.0 |
| 270 |
Reflected XSS on /admin/campaign-zone-zones.php |
$0.0 |
| 271 |
Reflected XSS on /admin/stats.php |
$0.0 |
| 272 |
Self XSS + CSRF Leads to Reflected XSS in https://████/ |
$0.0 |
| 273 |
Reflected XSS at https://████████/███/... |
$0.0 |
| 274 |
Reflected XSS and possible SSRF/XXE on https://events.hackerone.com/conferences/get_recording_slides_xml.xml?url=myserver/xss.xml |
$0.0 |
| 275 |
Reflected XSS on ███ |
$0.0 |
| 276 |
Reflected XSS in https://██████████ via "████████" parameter |
$0.0 |
| 277 |
Reflected XSS on ███████ |
$0.0 |
| 278 |
Reflected XSS on █████████ |
$0.0 |
| 279 |
Reflected/Stored XSS on duckduckgo.com |
$0.0 |
| 280 |
Reflected XSS on http://www.grouplogic.com/files/glidownload/verify.asp |
$0.0 |
| 281 |
Reflected XSS on www.grouplogic.com/video.asp |
$0.0 |
| 282 |
Flash Based Reflected XSS on www.grouplogic.com/jwplayer/player.swf |
$0.0 |
| 283 |
[XSS] Reflected XSS via POST request in (editJobAlert.htm) file |
$0.0 |
| 284 |
Reflected XSS at https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true |
$0.0 |
| 285 |
Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter |
$0.0 |
| 286 |
Reflected XSS at https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm via filter.jobTitleFTS parameter |
$0.0 |
| 287 |
Reflected XSS at https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true via PATH |
$0.0 |
| 288 |
DOM Based XSS on https://████ via backURL param |
$0.0 |
| 289 |
XSS via X-Forwarded-Host header |
$0.0 |
| 290 |
Moodle XSS on evolve.glovoapp.com |
$0.0 |
| 291 |
Cross site scripting |
$0.0 |
| 292 |
Reflected XSS on mtnhottseat.mtn.com.gh |
$0.0 |
| 293 |
Reflected XSS on /admin/stats.php |
$0.0 |
| 294 |
Reflected XSS on https://██████ |
$0.0 |
| 295 |
Reflected XSS through clickjacking at https://████ |
$0.0 |
| 296 |
Reflected XSS at www.███████ at /██████████ via the ████████ parameter |
$0.0 |
| 297 |
Reflected XSS |
$0.0 |
| 298 |
Reflected XSS through ClickJacking |
$0.0 |
| 299 |
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress |
$0.0 |
| 300 |
rXSS on https://mackeeperapp.mackeeper.com/landings/download-blue/ |
$0.0 |
| 301 |
[█████████] Reflected Cross-Site Scripting Vulnerability |
$0.0 |
| 302 |
[www.███] Reflected Cross-Site Scripting |
$0.0 |
| 303 |
CSRF Based XSS @ https://██████████ |
$0.0 |
| 304 |
Reflected XSS at [████████] |
$0.0 |
| 305 |
Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF |
$0.0 |
| 306 |
Reflected XSS in https://www.topcoder.com/blog/category/community-stories/ |
$0.0 |
| 307 |
Stored-XSS in merge requests |
$0.0 |
| 308 |
Cross site scripting |
$0.0 |
| 309 |
xss reflected on https://███████- (███ parameters) |
$0.0 |
| 310 |
xss on https://███████(█████████ parameter) |
$0.0 |
| 311 |
XSS Reflected on https://███ (███ parameter) |
$0.0 |
| 312 |
Reflected XSS - https://███ |
$0.0 |
| 313 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
| 314 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
| 315 |
Reflected XSS on play.mtn.co.za |
$0.0 |
| 316 |
Reflected XSS on delivery.glovoapp.com |
$0.0 |
| 317 |
Reflected XSS on https://www.glassdoor.com/job-listing/spotlight |
$0.0 |
| 318 |
XSS due to CVE-2020-3580 [███.mil] |
$0.0 |
| 319 |
XSS on ███ |
$0.0 |
| 320 |
XSS due to CVE-2020-3580 [██████] |
$0.0 |
| 321 |
XSS due to CVE-2020-3580 [███] |
$0.0 |
| 322 |
Reflected Cross-Site scripting in : mtn.bj |
$0.0 |
| 323 |
███████ - XSS - CVE-2020-3580 |
$0.0 |
| 324 |
3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290) |
$0.0 |
| 325 |
XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi |
$0.0 |
| 326 |
POST based RXSS on https://███████/ via ███ parameter |
$0.0 |
| 327 |
RXSS - ████ |
$0.0 |
| 328 |
RXSS - https://████████/ |
$0.0 |
| 329 |
RXSS Via URI Path - https://██████████/ |
$0.0 |
| 330 |
Reflected Xss https://██████/ |
$0.0 |
| 331 |
Reflected XSS in TikTok endpoints |
$0.0 |
| 332 |
XSS on tiktok.com |
$0.0 |
| 333 |
Reflected XSS at ████ via ██████████= parameter |
$0.0 |
| 334 |
Reflected xss в m.vk.com/chatjoin |
$0.0 |
| 335 |
Reflected XSS on av.ru via q parameter at https://av.ru/collections/* |
$0.0 |
| 336 |
Reflected xss в m.vk.com/chatjoin |
$0.0 |
| 337 |
Reflected XSS in photogallery component on [https://market.av.ru] |
$0.0 |
| 338 |
reflected xss on the path m.tiktok.com |
$0.0 |
| 339 |
RXSS - http://macademy.mtnonline.com |
$0.0 |
| 340 |
Reflected Cross-Site Scripting/HTML Injection |
$0.0 |
| 341 |
Rxss on █████████ via logout?service=javascript:alert(1) |
$0.0 |
| 342 |
Reflected XSS at dailydeals.mtn.co.za |
$0.0 |
| 343 |
Reflected XSS on dailydeals.mtn.co.za |
$0.0 |
| 344 |
Reflected xss and open redirect on larksuite.com using /?back_uri= parameter. |
$0.0 |
| 345 |
XSS Reflected - ██████████ |
$0.0 |
| 346 |
Reflected XSS in https://███████ via hidden parameter "████████" |
$0.0 |
| 347 |
Reflected XSS on https://███/████via hidden parameter "█████████" |
$0.0 |
| 348 |
xss reflected on imgur.com |
$0.0 |
| 349 |
Reflected xss on ads.tiktok.com using from parameter. |
$0.0 |
| 350 |
RXSS ON https://██████████ |
$0.0 |
| 351 |
Reflected XSS at https://██████/██████████ via "████████" parameter |
$0.0 |
| 352 |
Reflected XSS at https://██████/██████ via "██████" parameter |
$0.0 |
| 353 |
Reflected XSS at https://██████████/████████ via "███████" parameter |
$0.0 |
| 354 |
Reflected XSS at https://█████ via "██████████" parameter |
$0.0 |
| 355 |
Reflected XSS at https://█████████ via "███" parameter |
$0.0 |
| 356 |
RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter |
$0.0 |
| 357 |
XSS because of Akamai ARL misconfiguration on ████ |
$0.0 |
| 358 |
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ |
$0.0 |
| 359 |
Reflected XSS - in Email Input |
$0.0 |
| 360 |
RXSS |
$0.0 |
| 361 |
XSS Reflected - ███ |
$0.0 |
| 362 |
Open Akamai ARL XSS at ████████ |
$0.0 |
| 363 |
XSS on https://████/ via ███████ parameter |
$0.0 |
| 364 |
XSS on https://██████/███ via █████ parameter |
$0.0 |
| 365 |
XSS on https://███████/██████████ parameter |
$0.0 |
| 366 |
XSS on https://████████/████' parameter |
$0.0 |
| 367 |
Cross-site Scripting (XSS) - Reflected at https://██████████/ |
$0.0 |
| 368 |
[www.█████] Path-based reflected Cross Site Scripting |
$0.0 |
| 369 |
Reflected XSS on [█████████] |
$0.0 |
| 370 |
xss on [developers.mtn.com] |
$0.0 |
| 371 |
Reflected XSS [███] |
$0.0 |
| 372 |
Reflected XSS [██████] |
$0.0 |
| 373 |
Reflected XSS due to vulnerable version of sockjs |
$0.0 |
| 374 |
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters |
$0.0 |
| 375 |
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload} |
$0.0 |
| 376 |
XSS and iframe injection on tiktok ads portal using redirect params |
$0.0 |
| 377 |
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory |
$0.0 |
| 378 |
Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage |
$0.0 |
| 379 |
Reflected XSS on https://www.glassdoor.com/parts/header.htm |
$0.0 |
| 380 |
RXSS on █████████ |
$0.0 |
| 381 |
Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass] |
$0.0 |
| 382 |
Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm |
$0.0 |
| 383 |
Reflected XSS via ████████ parameter |
$0.0 |
| 384 |
Reflected XSS on https://wwwapps.ups.com/ctc/request?loc= |
$0.0 |
| 385 |
POST BASED REFLECTED XSS IN dailydeals.mtn.co.za |
$0.0 |
| 386 |
[doc.rt.informaticacloud.com] Reflected XSS via Stack Strace |
$0.0 |
| 387 |
Corsa Site Scripting Vulnerability (XSS) |
$0.0 |
| 388 |
cross site scripting in : mtn.bj |
$0.0 |
| 389 |
Reflected XSS on ███ via jobid parameter |
$0.0 |
| 390 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
| 391 |
RXSS on ███████ |
$0.0 |
| 392 |
RXSS on █████████ |
$0.0 |
| 393 |
Reflected cross site scripting in https://███████ |
$0.0 |
| 394 |
XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution |
$0.0 |
| 395 |
Reflected XSS [██████] |
$0.0 |
| 396 |
Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain |
$0.0 |
| 397 |
XSS DUE TO CVE-2022-38463 in https://████████ |
$0.0 |
| 398 |
XSS in www.glassdoor.com |
$0.0 |
| 399 |
Reflected xss on videostore.mtnonline.com |
$0.0 |
| 400 |
XSS Reflected on reddit.com via url path |
$0.0 |
| 401 |
XSS seems to work again after change to linkpop at https://linkpop.com/testnaglinagli |
$0.0 |
| 402 |
Self XSS in https://linkpop.com/dashboard/admin |
$0.0 |
| 403 |
Reflected Cross site scripting via Swagger UI |
$0.0 |
| 404 |
Jolokia Reflected XSS |
$0.0 |
| 405 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
| 406 |
Reflected XSS | https://████████ |
$0.0 |
| 407 |
Reflected XSS | https://████ |
$0.0 |
| 408 |
Reflected XSS in chatbot |
$0.0 |
| 409 |
Reflected XSS |
$0.0 |
| 410 |
XSS at TikTok Ads Endpoint |
$0.0 |
| 411 |
XSS on ( █████████.gov ) Via URL path |
$0.0 |
| 412 |
reflected xss in www.████████.gov |
$0.0 |
| 413 |
Reflected XSS on ██████.mil |
$0.0 |
| 414 |
Reflected XSS at ████████ |
$0.0 |
| 415 |
[XSS] Reflected XSS via POST request |
$0.0 |
| 416 |
RXSS on https://travel.state.gov/content/travel/en/search.html |
$0.0 |
| 417 |
Reflected XSS in ██████████ |
$0.0 |
| 418 |
Reflected XSS in ██████████ |
$0.0 |
| 419 |
Reflected XSS in ██████ |
$0.0 |
| 420 |
Reflected XSS in ████████████ |
$0.0 |
| 421 |
reflected XSS in [www.equifax.com] |
$0.0 |
| 422 |
reflected XSS in [www.equifax.com] |
$0.0 |
| 423 |
Moodle XSS on s-immerscio.comprehend.ibm.com |
$0.0 |
| 424 |
Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle |
$0.0 |
| 425 |
XSS in ServiceNow logout https://████:443 |
$0.0 |
| 426 |
Reflected XSS via File Upload |
$0.0 |
| 427 |
CVE-2020-11022 |
$0.0 |
| 428 |
Reflected xss on https://█████████ |
$0.0 |
| 429 |
Reflected Cross-site Scripting (XSS) at https://www.tiktok.com/ |
$0.0 |
| 430 |
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman |
$0.0 |
| 431 |
XSS via Vuln Rendertron Instance At ██████████.jetblue.com/render/* |
$0.0 |
| 432 |
Reflected Cross-Site Scripting(CVE-2022-32770 ) |
$0.0 |
| 433 |
xss(r) vcc-na11.8x8.com |
$0.0 |
| 434 |
Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability. |
$0.0 |
| 435 |
Notes attachments render HTML in preview mode |
$0.0 |
| 436 |
CRLF to XSS & Open Redirection |
$0.0 |
| 437 |
Bypass of #2035332 RXSS at image.hackerone.live via the url parameter |
$0.0 |
| 438 |
XSS Reflected |
$0.0 |
| 439 |
CVE-2023-24488 xss on https://██████/ |
$0.0 |
| 440 |
xss reflected - pq.tva.com |
$0.0 |
| 441 |
[██████] Reflected XSS via Keycloak on ██████ |
$0.0 |
| 442 |
Reflected XSS at https://██████/ |
$0.0 |
| 443 |
Reflected XSS in OAUTH2 login flow (https://access.line.me) |
$0.0 |
| 444 |
xss reflected - pqm.tva.com |
$0.0 |
| 445 |
reflected xss in https://wordpress.com/start/account/user |
$0.0 |
| 446 |
[████████] RXSS via "CurrentFolder" parameter |
$0.0 |
| 447 |
RXSS via region parameter |
$0.0 |
| 448 |
RXSS on TikTok endpoints |
$0.0 |
| 449 |
Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd] |
$0.0 |
| 450 |
XSS on terra-6.indriverapp.com |
$0.0 |
| 451 |
XSS in Subdomain of DuckDuckGo |
$0.0 |
| 452 |
XSS Refelected on jazz.net |
$0.0 |
| 453 |
XSS in new.loading.page.html |
$0.0 |
| 454 |
Reflective Cross Site Scripting (XSS) on ███████/Pages |
$0.0 |
| 455 |
Parâmetro XSS: Nome de usuário - █████████ |
$0.0 |
| 456 |
Xss Parameter: //[*]/.css ████████ |
$0.0 |
| 457 |
Xss - ███ |
$0.0 |
| 458 |
#3 XSS on watchdocs.indriverapp.com |
$0.0 |
| 459 |
#2 XSS on watchdocs.indriverapp.com |
$0.0 |
| 460 |
#1 XSS on watchdocs.indriverapp.com |
$0.0 |
| 461 |
Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com |
$0.0 |
| 462 |
RXSS in hidden parameter |
$0.0 |
| 463 |
Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection.adobe.com |
$0.0 |
| 464 |
Reflected XSS via Moodle on ███ [CVE-2022-35653] |
$0.0 |
| 465 |
Reflected XSS on error message on Login Page |
$0.0 |
| 466 |
Reflected Cross-site Scripting via search query on ██████ |
$0.0 |
| 467 |
reflected xss [CVE-2020-3580] |
$0.0 |
| 468 |
Reflected XSS via Keycloak on ███ [CVE-2021-20323] |
$0.0 |
| 469 |
Reflected xss on ████████ |
$0.0 |
| 470 |
Reflected XSS of media.indrive.com |
$0.0 |
| 471 |
XSS on LINE CAREERS |
$0.0 |
| 472 |
Open Akamai ARL XSS on http://media.████████ |
$0.0 |
| 473 |
Open Akamai ARL XSS on http://master-config-████████ |
$0.0 |
| 474 |
Cross Site Scripting |
$0.0 |
| 475 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
| 476 |
Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580 |
$0.0 |
| 477 |
Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module |
$0.0 |
| 478 |
Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via callback parameter |
$0.0 |
| 479 |
Cross-site Scripting (XSS) - Reflected on https://api.mtn.sd/carbon/admin/login.jsp via msgId parameter - CVE-2020-17453 |
$0.0 |
| 480 |
CSRF and XSS on www.acronis.com |
$0.0 |
| 481 |
Reflected XSS on www.acronis.com/de-de/my/subscriptions/index.html |
$0.0 |
| 482 |
MetaMask Browser (on Android) does not enforce Content-Security-Policy header |
$0.0 |
| 483 |
XSS on ███████ |
$0.0 |
| 484 |
XSS found for https://█████████ |
$0.0 |
| 485 |
Reflected cross site scripting (XSS) attacks Reflected XSS attacks, |
$0.0 |
| 486 |
cross site scripting reflected |
$0.0 |
| 487 |
Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin= |
$0.0 |