xss
Blog Posts (1)
- Dec 27, 2020
You don’t need xss.rocks/xss.jsWhy data URLs are a powerful alternative to hosted JavaScript files for XSS testing and payload delivery.
Research Posts (1)
- Jul 29, 2021
CraftCMS Zero-day Chain: XSS to SSTI triggering RCEReported CVE-2021-27902 (XSS) and CVE-2021-27903 (SSTI) that can be chained together to gain Remote Code Execution in CraftCMS.