Welcome to our Cyber Security News Aggregator.

Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Bypassing Live HTML Filtering to Trigger Stored XSS – DOM-Based Exploitation

published on 2025-07-09 03:16:41 UTC by /u/General_Speaker9653
Content:

I recently tested a language-learning site that used live frontend filtering to block HTML input (e.g., <img> and <svg> tags were removed as you typed).

But by injecting the payload directly via the browser console (without typing it), the input was submitted and stored.

Surprisingly, the XSS executed later on my own profile page — indicating stored execution from a DOM-based bypass.

I wrote a short write-up here:

https://is4curity.medium.com/xss-before-submit-a-dom-based-execution-flaw-hidden-in-plain-sight-5633bdd686c9

enjoy

submitted by /u/General_Speaker9653
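The behaviour described in the post, seen from the server's side, as an added example (not code from the post or the linked write-up): a filter that runs only on typed input never sees a value submitted another way, so the control has to sit where the stored text is rendered. All function names, the in-memory store and the sample string are hypothetical and constructed for illustration.

```javascript
// Constructed stand-in for the site's live filter. It runs only in the
// browser on typed input, so the server cannot assume it was applied.
function liveClientFilter(typed) {
  return typed.replace(/<[^>]*>/g, "");
}

// Output encoding applied on the server every time stored text enters HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

const db = new Map(); // in-memory stand-in for the profile store

// Server handler: validates type and length, stores the value as received.
function saveBio(userId, bio) {
  if (typeof bio !== "string" || bio.length > 500) throw new Error("invalid bio");
  db.set(userId, bio);
}

// Render path as the post implies it behaved: stored text placed into HTML as-is.
function renderProfileUnsafe(userId) {
  return `<div class="bio">${db.get(userId) ?? ""}</div>`;
}

// Hardened render path: the stored value is encoded at output time.
function renderProfileSafe(userId) {
  return `<div class="bio">${escapeHtml(db.get(userId) ?? "")}</div>`;
}

// Audit helper: a stored value that the live filter would have changed
// cannot have come through the UI, so it marks a request that skipped it.
function findBypassedRecords() {
  return [...db].filter(([, v]) => liveClientFilter(v) !== v).map(([id]) => id);
}

// Constructed sample input, used only to exercise the two render paths.
const SAMPLE = "<img src=x onerror=alert(1)>";

saveBio("u1", SAMPLE);                              // sent without the filter running
saveBio("u2", liveClientFilter("hello " + SAMPLE)); // typed through the UI

console.log(renderProfileUnsafe("u1")); // markup reaches the page intact
console.log(renderProfileSafe("u1"));   // rendered as inert text
console.log(findBypassedRecords());     // records to review
```

The audit helper is also useful after deploying the fix, to find values stored before output encoding was in place.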
Article: Bypassing Live HTML Filtering to Trigger Stored XSS – DOM-Based Exploitation - published 3 months ago.

https://www.reddit.com/r/netsec/comments/1lv8es2/bypassing_live_html_filtering_to_trigger_stored/   
Published: 2025 07 09 03:16:41
Received: 2025 07 09 03:21:24
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security
Views: 14
