CraftCMS Zero-day Chain: XSS to SSTI triggering RCE
Public Disclosure of CVE-2021-27902 and CVE-2021-27903
July 29, 2021 ◦ 14 min ◦ Security
#CraftCMS #XSS #SSTI #RCE #bug bounty #stored cross site scripting #server side template injection #remote code execution #CVE-2021-27902 #CVE-2021-27903

You don’t need xss.rocks/xss.js
December 27, 2020 ◦ 3 min
#xss #data urls #xss payloads #xss testing #xss payloads in data urls #data urls for xss