3 matches found
Mail.ru: "π" + Unauthenticated Stored XSS in API at https://api.my.games/comments/v1/comments/update/
Crossite scripting in community.my.games via post comments due to incomplete fix for 848732 I have been working on this issue for 2 hours and over 300 fails. Finally, I could exploit with a very exotic XSS payload. Payload with an emoji a little trick: %F0%9F%98%82!--π//=...
Mail.ru: XSS in [community.my.games]
Crossite scripting in community.my.games via post comments All we say is Thank You for an Account Takeover Flaw!...
Mail.ru: Stored XSS on https://community.my.games/ (Add Post)
Two stored XSS at https://community.my.games/. First XSS via upload photo title at link https://community.my.games/community/game/GameName/ . Second XSS via Discussion at the same link...