Finding a vulnerability in the patch to a vulnerability which I also discovered.
ClassLink OneClick Extension Part 2: Electric Boogaloo (CVE-2023-45889)
Finding a vulnerability in the patch to a vulnerability which I also discovered.
This is the story of how I found a universal cross-site scripting vector in a browser extension used by over 10 million users.