Tag feed

#xss

159 posts24 followers

Trending tags this week

XSS Introduction (TryHackMe)

5d ago · 24 min read · Link to the Walkthrough/Challenge on TryHackMe: XSS Introduction Introduction Web applications power most business workflows, and Cross-Site Scripting (XSS) remains one of the easiest paths for attack

Join discussion

BMBastien Mirlicourtoisthelearningmachine.dev

1

Web Security 101 — how attackers borrow your identity, and how to stop them

5d ago · 16 min read · I kept seeing the same advice. "Sanitize your inputs." "Set HttpOnly." "Add a CSRF token." I knew these mattered. I even knew how to apply them. But I couldn't have told you what I was actually defend

RRichard commented

SRSatyam Rastogisatyamrastogi.hashnode.dev

0

Zimbra XSS at Scale: Exploiting 10K+ Servers in Enterprise Email

Apr 25 · 6 min read · Originally published on satyamrastogi.com 10,000+ Zimbra Collaboration Suite instances vulnerable to active XSS exploitation. Attack chain enables session hijacking, credential theft, and lateral movement. Analysis of exploitation patterns and defen...

Join discussion

SASolabi Abrahamblessme.hashnode.dev

0

Why Strict Input Validation on the Frontend Matters More Than You Think

Apr 15 · 4 min read · When building user-facing applications, it’s easy to treat frontend validation as a “nice-to-have”, something mainly for improving UX. But in reality, the frontend is your first line of defense agains

Join discussion

PBPradip Bhattaraiblog.pradeepbhattarai.me

0

Intigriti March 2026 XSS Challenge: Full Writeup

Apr 13 · 8 min read · Initial Reconnaissance The challenge presents itself as the "Intigriti Secure Search Portal", an interface with a search box and a "Report it to Admin" link. That report link is the classic signal: th

Join discussion

Ttheblxckcicadablog.ovawatch.co.za

1

My First Bug Bounty: Chaining Open Redirect and DOM XSS into Account Takeover

Apr 10 · 2 min read · This was my first ever valid bug bounty report through a VDP, and it got marked Medium severity. It was also not a duplicate, so for me this was a huge win. One thing I had heard a lot in bug bounty i

AArchit commented

RRRoshni Rajaniroshnirajanii.hashnode.dev

0

XSS happens only in Open Source is a myth.

Apr 2 · 1 min read · XSS is a coding mistake — not an “open source” problem. It occurs whenever user input isn’t properly validated, sanitized, or encoded, whether the code is public, private, free, or paid. Think of a we

Join discussion

EEEmma Engströmpentesting-dvwa.hashnode.dev

0

DOM-Based XSS in DVWA

Mar 29 · 14 min read · Introduction This post examines a DOM-based cross-site scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) and demonstrates how it can be exploited to achieve client-side code

Join discussion

NBNishil Bhavenishilbhave.hashnode.dev

0

How to Secure an API: The 4-Layer Framework That Works

Mar 29 · 14 min read · How to Secure an API: The 4-Layer Framework That Works APIs are the backbone of every modern app. They are also the most common entry point for attackers. Most developers bolt security on as an afterthought: one middleware, one config flag, one if us...

Join discussion

HNHabib Najibullahhabib0x.com

0

Weaponizing MCP: From Chat Tool to Cloud Breach

Mar 26 · 17 min read · How MCP Works (and Why It's a Big Attack Surface) MCP (Model Context Protocol) is a standard created by Anthropic for connecting AI models to external tools and data. Think of it as a universal plug s

Join discussion

#xss

Search Hashnode

#xss

Trending tags this week

XSS Introduction (TryHackMe)

Web Security 101 — how attackers borrow your identity, and how to stop them

Zimbra XSS at Scale: Exploiting 10K+ Servers in Enterprise Email

Why Strict Input Validation on the Frontend Matters More Than You Think

Intigriti March 2026 XSS Challenge: Full Writeup

My First Bug Bounty: Chaining Open Redirect and DOM XSS into Account Takeover

XSS happens only in Open Source is a myth.

DOM-Based XSS in DVWA

How to Secure an API: The 4-Layer Framework That Works

Weaponizing MCP: From Chat Tool to Cloud Breach