3 matches found
BugPoC: csp bypass leads to xss on wacky.buggywebsite.com
Summary: report will be uploaded later - need some sleep █████████ ███ Steps To Reproduce: PoC above Thanks for the challenge. I tried to use bugpoc for everything but ended up using aws to host the js file - seemed fitting as well and served the purpose. F1065889 Impact taking over all the whac...
Legal Robot: AWS hosting bucket for Legal Robots set as public browse and list contents: s3://legalrobot
Good day, I hope it treats you kindly: Legal Robot looks to use AWS hosting for your website. Description of issue: The Amazon Bucket s3://legalrobot has been configured to allow Public users access to browse all files on the server. This is a risk as described as it allows...
ec2-175-41-150-229.ap-southeast-1.compute.amazonaws.com XSS vulnerability
Open Bug Bounty ID: OBB-55196

Description | Value
---|---
Affected Website: | ec2-175-41-150-229.ap-southeast-1.compute.amazonaws.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Remediati...