nmochea

Opera Browser Reflected (XSS)

I’m glad you’re here. Please have fun reading and don’t forget to connect with my social media Facebook and Twitter.

This post is about an Reflected XSS that I found on Opera Browser Application which could have been used to get cookies and read file logs.

While using opera browser apk I noticed something strange the address bar in opera browser replaced by the reader mode and the web title added without any filter, I know that I can trigger the xss in reader mode but i dont know where so this my conclusion visit the website with xss payload and click the reader mode then xss will trigger.

nmochea

Xiaomi Execute Arbitrary JavaScript using HTML Injection

Hey Everyone, I hope you all are fine and doing well.

In this writeup, I’ll tell you how I was able to Execute Arbitrary JavaScript in Xiaomi Browser using HTML Injection.

About The Issue

Due to lack of HTML sanitization, it is possible to inject malicious iframe tag in Readmode and execute arbitrary JavaScript code.

Package Name

nmochea

PLMUN Student Portal Mobile App

Environment

• Package name: plmun.student.portal
• Version name: 1.1

Description

Welcome to the PLMUN Student Portal App, the ultimate companion for students who want to make the most of their academic journey. Our cutting-edge features will revolutionize the way you navigate your courses and manage your account, giving you the tools you need to succeed.

Our app is designed to streamline your academic experience, so you can focus on what truly matters: your studies. From managing your schedules to accessing course materials, the PLMUN Student Portal App is your one-stop-shop for all your academic needs.