CVE-2025-7021 OpenAI Operator - API Spoofing through Locking Operator on FullScreen

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input e.g., login credentials, email addresses via displaying a deceptive fullscreen interface with overlaid fake browser...

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...

Uber: SSL-protected Reflected XSS in m.uber.com

Summary m.uber.com is susceptible to reflected XSS Security Impact A malformed URL can be used to render arbitrary SSL-protected web pages from m.uber.com Reproduction Steps https://m.uber.com/?bjbxm%3c%2fscript%3e%3cscript%3ealert1%3c%2fscript%3exrii5=1 Specifics From the rendered web page:...