logo

DOJO Challenge #25 Winners!

ID: 66755cfc-10c6-5f08-98e8-0bb3a37a6a7b

STIX ID: report--66755cfc-10c6-5f08-98e8-0bb3a37a6a7b

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
55/100

Date Published: 2023-07-27

Date Updated: 2026-07-04

...
...

This write-up documents a proof-of-concept CSS injection that enables stored XSS: by importing an attacker-controlled stylesheet the author injects a CSS variable containing an HTML payload which client-side JavaScript reads via getComputedStyle and inserts into the page, triggering onerror script execution; the report demonstrates the PoC, describes the risk to users and organizations, and recommends mitigations such as input sanitization, Content Security Policy, and HTML sanitization libraries.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.