
HackerOne profile

CVE-2020-17476 Mibew Messenger before 3.2.7 allows XSS via a crafted user name
Got credit for that on https://mibew.org/credits

userecho.com open redirect
Got credit for that on https://support.userecho.com/en/knowledge-bases/10/articles/20402-list-of-security-contributors

CVE-2021-39286 Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped
Got credit for that on https://index.commoncrawl.org/.well-known/thanks.txt