Tag: chain

All the articles with the tag "chain".

• Profile Takeover: Chaining Self-XSS with CSRF

  kOaDT

  4 Mar, 2026

  A Self-XSS in the profile bio editor is harmless on its own. Chain it with a missing CSRF token on the update endpoint and you get cross-user profile takeover.