Tag: xss

All the articles with the tag "xss".

• Profile Takeover: Chaining Self-XSS with CSRF

  kOaDT

  4 Mar, 2026

  A Self-XSS in the profile bio editor is harmless on its own. Chain it with a missing CSRF token on the update endpoint and you get cross-user profile takeover.

• Malicious File Upload: Stored XSS via SVG

  kOaDT

  7 Feb, 2026

  Upload a malicious SVG to the admin product image field and get stored XSS that fires for every visitor.

• Stored XSS in Product Reviews

  kOaDT

  23 Jan, 2026

  Exploiting stored cross-site scripting in OopsSec Store's product review functionality to execute JavaScript in every visitor's browser.