XSS using postMessage in Google Cloud Theia notebooks [Google VRP]

Lessons Learned From Exposing Unusual XSS Vulnerabilities

Universal Code Execution by Chaining Messages in Browser Extensions

Self-XSS to ATO via Site Features

How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities