5048 | Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read |
XSS
SSRF
LFI |
NA |
Brett Buerhaus (@bbuerhaus) |
Bug Bounty | 2017-06-29 | 2023-06-13 |
4839 | Stored XSS, and SSRF in Google using the Dataset Publishing Language |
Stored XSS
SSRF |
Google |
Craig Arendt (@signalchaos) |
Bug Bounty | 2018-03-07 | 2023-06-13 |
4770 | Internet Safety for Kids & Families — Trend Micro Bypass DOM XSS |
DOM XSS |
Trend Micro |
Honc (@honcbb) |
Bug Bounty | 2018-05-08 | 2023-06-13 |
3863 | Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO) |
RTLO |
Opera |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-10-26 | 2023-06-13 |
3793 | Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution. |
RCE |
Telegram |
Vladimir Metnew (@vladimir_metnew) |
Bug Bounty | 2019-12-08 | 2023-06-13 |
3789 | AirDoS: Remotely render any nearby iPhone or iPad unusable |
DoS |
Apple |
Kishan Bagaria (@KishanBagaria) |
Bug Bounty | 2019-12-10 | 2023-06-13 |
3661 | Plan Change Logic in Google Fiber (Webpass) |
Logic flaw
Payment tampering |
Google |
Craig Arendt (@signalchaos) |
Bug Bounty | 2020-02-17 | 2023-06-13 |
3013 | Exploiting dynamic rendering engines to take control of web apps |
SSRF
Open redirect |
NA |
Vasilii Ermilov (@ermil0v) |
Bug Bounty | 2020-11-19 | 2023-06-13 |
2966 | Download Filename Manipulation due to improper rendering of RTLO characters |
RTLO |
NA |
Jayateertha Guruprasad (@JayateerthaG) |
Bug Bounty | 2020-12-15 | 2023-06-13 |
2542 | SSRF in PDF Renderer using SVG |
SSRF |
NA |
pwn.vg / Tomi (@mastomii) |
Bug Bounty | 2021-05-19 | 2023-06-13 |
2320 | A Bug's Life: CVE-2021-21225 |
Browser hacking |
Google |
Brendon Tiszka (@btiszka) |
Bug Bounty | 2021-08-16 | 2023-06-13 |
1186 | But You Told Me You Were Safe: Attacking The Mozilla Firefox Renderer (Part 1) |
Browser hacking
RCE
Prototype pollution |
Mozilla |
Hossein Lotfi (@hosselot) |
Bug Bounty | 2022-08-23 | 2023-06-13 |
394 | Give me a browser, I’ll give you a Shell |
Local Privilege Escalation
Kiosk hacking |
NA |
Rend |
Bug Bounty | 2023-02-25 | 2023-06-13 |
373 | Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input |
SSRF
HTML injection
XSS |
NA |
Cristi Vlad (@CristiVlad25) |
Bug Bounty | 2023-03-01 | 2023-06-13 |
101 | Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities |
Chatbot
Websockets
Cross-Site WebSocket Hijacking (CSWH)
Captcha bypass |
NA |
Abeer Banerjee (@bugasur) |
Bug Bounty | 2023-05-11 | 2023-06-13 |
82 | LOLBINed — Finding “LOLBINs” In AV Uninstallers |
Local Privilege Escalation |
Kaspersky
F-Secure
Trend Micro
McAfee |
Nasreddine Bencherchali (@nas_bench) |
Bug Bounty | 2023-05-17 | 2023-06-13 |