![]() 10/01/18 - Email from Evernote explaining that previous emails had been intercepted by spam filter, and confirming receipt of security issue.10/01/18 - Follow-up email confirming that initial email sent on 28/12/17 was received.In this post we will walk through a vulnerability identified, and show how improper handling of window messages can allow an attacker to inject JavaScript into the DOM of any web application. The extension also proves to be quite popular: WebClipper is a browser extension, which allows a user to extract and store webpage contents, videos, images etc. ![]() ![]() « Back to home Universal XSS via Evernote WebClipperĭuring an evening of bug hunting, I found a cool issue in Evernote’s WebClipper tool. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |