Media Summary: René de Sain – renniepak - NahamCon 2025 Link to the slides: In this episode, we dive into one of the most ignored client-side vulnerability classes: 3000$ Bug Bounty Rewards from Microsoft Forms: How I Discovered a Reflected
Overview

Widgets Gone Wild Exploiting Xss Through Flawed Postmessage Origin Checks - Detailed Analysis

René de Sain – renniepak - NahamCon 2025 Link to the slides: In this episode, we dive into one of the most ignored client-side vulnerability classes: 3000$ Bug Bounty Rewards from Microsoft Forms: How I Discovered a Reflected All demonstrations are intended solely for lawful, ethical, and defensive use. The creator assumes no liability for actions viewers ... This video is Part 2 of our HTML5 security presentation. In this series we discuss the common security Disclaimer This video is intended strictly for educational purposes. All techniques demonstrated should be used responsibly and ...

Gallery

Photo Gallery

Widgets Gone Wild: Exploiting XSS Through Flawed postMessage Origin Checks
Client Side 01: postMessage Bugs
How hackers exploit XSS vulnerabilities to create admin accounts on your WordPress blog
Solved Lab Reflected XSS with event handlers and href attributes blocked
[Fixed] XSS via postmessage on zoho workdrive webapp
3,000$ Bug Bounty Rewards from Microsoft Forms: Reflected XSS Vulnerability
I Found a MASSIVE XSS Vulnerability on a Karting Site in 10 Minutes
Solved Lab Reflected XSS in a JavaScript URL with some characters blocked
Can You Find This CRAZY XSS Vulnerability?
HTML5 Security Part 2/3 - postMessage Vulnerabilities
The Unusual XSS Exploit Nobody Sees Coming | Live bug bounty on a Shopify competitor
Stored xss via File Upload Leads to $3000 Bounty #bug #bugbounty #xss #fileupload #hackwithsuryesh
Related

Related Patients

Widgets Gone Wild: Exploiting XSS Through Flawed postMessage Origin ChecksClient Side 01: postMessage BugsHow hackers exploit XSS vulnerabilities to create admin accounts on your WordPress blogSolved Lab Reflected XSS with event handlers and href attributes blocked[Fixed] XSS via postmessage on zoho workdrive webapp3,000$ Bug Bounty Rewards from Microsoft Forms: Reflected XSS VulnerabilityI Found a MASSIVE XSS Vulnerability on a Karting Site in 10 MinutesSolved Lab Reflected XSS in a JavaScript URL with some characters blockedConverting 300 KPH To Miles Per Hour: A Speed Conversion GuideThe Ageless Jokes And Jovial Journeys Of Cheech And Chong Remain UnchangedWhat Makes Grant Armatto Tick? Unlocking The Secrets To Prosperity And AbundanceUnraveling The Mystery Of MSG: Who Really Holds The Keys?The Rise Of Rengoku Donut: A Meme That's Sweet And FieryYour Go-To Destination For Exclusive Deals And Discounts In Broward CountyGulf Of Mexico Water Temperature: Factors Influencing Its Annual CycleExperience The Thrill Of Bargain Hunting At Trader Jack's Flea Market In The US