Rockstar Games: Client-side Template Injection in Search, user email/token leak and maybe sandbox escape

In this report, the researcher was able to perform AngularJS Template Injection on our Support site in order to retrieve data, including email address, userid and tokens. Typically, a user is always able to retrieve this information about themselves and on its own, this is known behavior. However...

Zendesk: Stored XSS via Angular Expression injection on developer.zendesk.com

developer.zendesk.com is vulnerable to stored XSS via Angular template injection. To replicate: Browse to https://developer.zendesk.com Sign up with an arbitrary email address and the following name: "'a'.constructor.prototype.charAt=.join;$eval'x=alert1';" Observe the popup. This is a stored...