Elevating privileges via a XSS and authorization bypass attack
Sebastian Jeż
A highly effective attack method combines Reflected Cross-Site Scripting (XSS) and authorization vulnerabilities. This attack lets hackers gain unauthorized administrative access. It requires social engineering to trick an administrator into running malicious JavaScript code, which then changes user permissions, potentially taking over accounts.
READ article
