Wormable Stored XSS in Genspark AI Chat — Via Unsanitized AI Output

Summary A Stored XSS vulnerability was identified in Genspark’s AI Chat feature. By crafting a specific prompt, an attacker can cause the AI to generate malicious HTML that is rendered directly int...

Mar 3, 2026 Bug Bounty

DOM-based XSS in Cốc Cốc Dictionary & Translate Extension — Via Unsanitized Text Selection

Summary A DOM-based XSS vulnerability was identified in the default “Dictionary & Translate” (Từ điển và Dịch) extension bundled with Cốc Cốc browser. When a user highlights text containing HTM...

Mar 3, 2026 Bug Bounty

Wormable Stored XSS in Genspark AI Chat — Via Unsanitized AI Output

DOM-based XSS in Cốc Cốc Dictionary & Translate Extension — Via Unsanitized Text Selection

Trending Tags