WRITEUP #565

XSS to OAuth access token leak in office online which can be used to account takeover

Tags: XSS, CSP bypass, postMessage
by @RenwaX23 (Renwa)
Bounty: 500
Program: Microsoft
Published: Jan 12, 2024
Added to HackDex: Feb 6, 2024
Read Full Writeup: https://gist.github.com/RenwaX23/0311842bb790ce98fe0cd8f41141fdf0

RELATED WRITEUPS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN (XSS, CSP bypass)
Type confusion attacks in ProseMirror editors (XSS, Type confusion)
Lessons Learned From Exposing Unusual XSS Vulnerabilities (XSS, DOM XSS)
Universal Code Execution by Chaining Messages in Browser Extensions (XSS, Universal XSS)
Self-XSS to ATO via Site Features (XSS, Self-XSS)
