Stored XSS with HTTP only Session Cookies
Published in
2 min readFeb 15, 2024
I got into a bug bounty program where you develop a store front to shill garbage to the masses. After some rooting around I found an XSS location buried in a JSON object inside some script tags. The only possible context breakout was with a </script>
tag. You can read more about XSS context here: