Posts

DOM-Based JavaScript Execution in Xiaomi Browser Reader Mode via <title> HTML Injection (Android)

A DOM-based Cross-Site Scripting (XSS) vulnerability was discovered in Xiaomi Browser’s Read Mode due to insufficient sanitization of the HTML tag, allowing arbitrary HTML or JavaScript to be executed via innerHTML.

November 117, 161628 · 3 min · 622 words · Me

Referrer Data Leakage in Facebook via Unvalidated data_uri Parameter

An open redirect vulnerability was discovered in Facebook’s Privacy Checkup endpoint due to the ?back_uri= parameter being processed without any security filtering, allowing attackers to redirect users to malicious website.

November 117, 16169 · 2 min · 391 words · Me

Linkshim Bypassed in Facebook Push Notication via Double URL Encoding

A persistent open redirect vulnerability was discovered in Facebook’s Push Notification endpoint due to improper validation of the ?ref= parameter, allowing attackers to redirect users to malicious sites and potentially facilitate phishing attacks.

November 117, 161636 · 2 min · 401 words · Me

Cross-Site Scripting in Opera Browser Reader Mode via Malicious <title> Tag (Android)

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in Opera Browser for Android’s Reader Mode due to insufficient sanitization of the HTML tag, allowing attackers to execute arbitrary JavaScript, steal sensitive data, or inject malicious content

November 117, 161633 · 3 min · 572 words · Me

Journey

November 117, 16161 · 0 min · 0 words · Me