SSO Gadgets II: Unauthenticated Client-Side Template Injection to Account Takeover using SSO Gadget Chain

SSO Gadgets: Escalate (Self-)XSS to ATO