Exploiting the end user | Cross Site Scripting via svg files

As i am proceeding with my masters study(M.Tech) in computer science , the broad research topic i will be researching upon is Web Application Security . Under that broad area the specific research i have selected is , What are the various ways to exploit the end user means the client side . So i will be focussing on exploiting via daily life objects of virtual world which we use every time like images , videos , docs etc. Wish me luck with that :)
Coming on the point , I was reading the ....


Youtube Editor Stored | DOM Based and Self Executed XSS Vulnerability

Bug Type: Stored | DOM Based and Self Executed XSS Vulnerability
Browser: Chrome, Mozilla , IE etc
Vulnerable Module: Youtube Editor : https://www.youtube.com/editor
Status :Fixed .

Detailed WriteUp: Hey all :) I sent this XSS vulnerability report to Google in October last year. The vulnerability existed in the Youtube Video Editor Module. When you go to the images tab on this editor page.There is a feature to ....


Google Webmaster Markup Helper Framed Application XSS

Bug Type: Stored XSS Vulnerability
Browser: Internet Explorer 7 or less
Vulnerable Module: Markup Helper : https://www.google.com/webmasters/markup-helper/
Status :Wont Fix .

Detailed WriteUp: Hey all :) Back in December 2014 I reported a Cross Site Scripting vulnerability to Google Security . Google webmaster has a module of Structured Data Markup Helper which takes a website URL as a input and render it afte ....


Sending user controlled inputs to jQuery functions may lead to critical XSS

Hey all , Its been some time I am trying to learn the security vulnerabilities related to Javascript .jQuery is one of the most widely used library of javascript . We find it embedded it most of the web pages we see these days. During the learning phase I found a very good post regarding jquery functions that allow HTML Injection . Following is the link to that post:
https://code.google.com/p/domxsswiki/wiki/jQuery Its written by the developer of popular JS Ana ....


Youtube XSS Vulnerability [Stored -> Self Executed]

Bug Type: Stored XSS Vulnerability | Self Executed
Vulnerable parameter: Playlist Name
Status : Fixed

Detailed WriteUp: Hey all :) , Last month i reported a Stored XSS vulnerability to Google which was in youtube playlist module. The playlist name was not being sanitized properly which caused js code to be executed in few parts of site

Reproduction Steps :
1. Create ....