@grumpz
Vulnerability Operations @ Synack. InfoSec's Village Idiot. Documenting my journey of pivoting out of a decade long sales career to breaking
| Vulnerability Operations @ Synack | Bug Bounty Hunter. Security Researcher. Wannabe hacker, sharing my thoughts on how to be successful in the cyber security space, after pivoting careers of being a decade long Sales Director.
Vulnerability Operations @ Synack InfoSec's village Idiot, sharing my thoughts on how to be come a successful bug bounty hunter.
Sep 20, 2025 · 4 min read · Discovered by: Michael KimVendor: ui-lib (Uilibrary)Product: Stocky – POS with Inventory Management & HRM (“Ultimate Inventory Management System with POS”)Affected Version: 5.0 (as released June 2025)Impact: Arbitrary JavaScript Execution (Stored XSS...
SSonu commented
Sep 20, 2025 · 4 min read · Discovered by: Michael Kim & Sergio MedeirosVendor: iNiLabsProduct: School Express – School Management System (SMS Express)Affected Version: 6.2 (other versions not tested)Impact: Arbitrary JavaScript Execution (Stored XSS)Attack Type: Remote (Authen...
Join discussion
Sep 20, 2025 · 7 min read · Discovered by: Michael Kim & Sergio MedeirosVendor: LiquidThemesProduct: MagicAI (a.k.a. MagicProject AI)Affected version: 9.1 (other versions untested)Impact: Arbitrary JavaScript execution in users’ browsers (stored XSS)Attack type: Authenticated r...
Join discussion
Nov 10, 2024 · 6 min read · Introduction: As a seasoned cybersecurity researcher and penetration tester, I am constantly on the lookout for certifications that sharpen my skills and keep me at the forefront of web application se
Join discussion
Jun 12, 2024 · 2 min read · Late one night, after working on a couple of bug bounty platforms, I decided to revisit a CVE I found last month. I realized that the web application had implemented the Summernote WYSIWYG Editor, which was the root cause of the stored XSS vulnerabil...
Join discussion
