XSS

Cross-site scripting is a common security flaw in web apps. Use these hands-on scenarios to find XSS attacks.

DotNetNuke: XSS to RCE (CVE-2026-40321)

DotNetNuke (DNN) might be a leading CMS in the Microsoft ecosystem, but a routine test on an older version accidentally led us straight to a brand-new 0-day. In this write-up, we escalate a simple Stored XSS vulnerability into a full Remote Code Execution (RCE) chain (CVE-2026-40321). Read the full article to see how we smuggled payloads inside SVG files, weaponized DNN's internal messaging to spear-phish admins, and seamlessly dropped an ASPX backdoor right into the server root

Author(s)

Matei "Mal" Badanoiu (aka CVE Jesus)

Published at: 20 Apr 2026

Security research

10 Practical scenarios for XSS attacks

Let’s delve into these 10 practical attack scenarios with actionable examples that highlight the real risk of cross-site scripting (XSS) vulnerabilities.

Author(s)

Published at: 07 Jul 2023

Platform updates

December updates: 6 new ways to make your workflow smoother

Hope 2022 is off to a great start for you! Supporting your security efforts is what we do, so here’s a fresh batch of platform updates we rolled out at the end of 2021. Why check them out? Because they’ll help you get more work done, faster with the same tools and features you know (and hopefully love!).

Author(s)

Ioana Rijnetu

Published at: 20 Jan 2022

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account