Multiple Severe Vulnerabilities in MonkeyType.Com Chat Based XSS, Auth bypass, User Spoofing - Write-ups and Disclosures - @disclose_io Community Forum

I published the original article over at my independent research project obsrva.org Executive Overview In May 2021, independent security researcher Tyler Butler found several critical vulnerabilities in monkeytype.com, a popular open-source typing-test application with a booming community of over 100k daily unique visitors. The vulnerabilities included stored cross-site scripting and user impersonation in the tribe chat room feature, as well as an authentication bypass vulnerability enablin

CVE-2022-3415] WordPress Plugin Chat Bubble 2.2 – Unauthenticated Stored Cross-Site Scripting – INFAYER

CVE-2022-3415] WordPress Plugin Chat Bubble 2.2 – Unauthenticated Stored Cross-Site Scripting – INFAYER

Lab 92 – OWASP A6 Security Misconfiguration

Multiple Severe Vulnerabilities in MonkeyType.Com Chat Based XSS, Auth bypass, User Spoofing - Write-ups and Disclosures - @disclose_io Community Forum

How to detect the GoDaddy Blind XSS vulnerability

Multiple Severe Vulnerabilities in MonkeyType.Com Chat Based XSS, Auth bypass, User Spoofing - Write-ups and Disclosures - @disclose_io Community Forum