Kelvin Security Labs

CTF Writeups | Pentesting Labs | Exploits

HOME
CATEGORIES
TAGS
ARCHIVES
ABOUT

Home Categories Cross-Site Scripting

Category

Cross-Site Scripting 2

Stored XSS Leads to Admin Cookie Exfiltration | Crate & Sleeve Jun 20, 2026
Stored XSS and JSONP Callback Injection Leads to Admin Session Theft | PhoneVault Jun 19, 2026

Recently Updated

Client-Controlled OrgID Leads to Cross-Tenant Data Exposure | QueryWho
Stored XSS and JSONP Callback Injection Leads to Admin Session Theft | PhoneVault
Stored XSS Leads to Admin Cookie Exfiltration | Crate & Sleeve
NoSQL Injection Leads to Authentication Bypass | Smoothie
LDAP Injection Leads to Authentication Bypass | MeltDown

Trending Tags

webversepro webverselabs-pro broken-access-control privilege-escalation information-disclosure authentication-bypass rce linux bugforge idor

© 2026 Kelvin. Some rights reserved.

Using the Chirpy theme for Jekyll.

Trending Tags

webversepro webverselabs-pro broken-access-control privilege-escalation information-disclosure authentication-bypass rce linux bugforge idor

A new version of content is available.