XSS in GMail's AMP4Email via DOM Clobbering - research.securitum.com
Tags
| attack-pattern: | Data Javascript - T1059.007 Vulnerabilities - T1588.006 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | c1e39770-9513-4e04-ad52-00a9599103e1 |
| Fingerprint | a84998310cb6b5dc |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 18, 2019, 6:39 a.m. |
| Added to db | Feb. 18, 2023, 12:58 a.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | XSS in GMail’s AMP4Email via DOM Clobbering |
| Title | XSS in GMail's AMP4Email via DOM Clobbering - research.securitum.com |
| Detected Hints/Tags/Attributes | 40/1/20 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://research.securitum.com/xss-in-amp4email-dom-clobbering/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6 | research.securitum.com |
|
| Details | Domain | 1 | amp.gmail.dev |
|
| Details | Domain | 2 | securitum.com |
|
| Details | Domain | 1 | cdn.ampproject.org |
|
| Details | Domain | 1 | this.win |
|
| Details | Domain | 1 | loc.host |
|
| Details | Domain | 1 | window.testlocation.host |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | File | 19 | 1.js |
|
| Details | File | 2 | win.doc |
|
| Details | File | 6 | window.doc |
|
| Details | File | 1 | v0.js |
|
| Details | Url | 1 | https://amp.gmail.dev/playground |
|
| Details | Url | 1 | https://securitum.com |
|
| Details | Url | 1 | https://cdn.ampproject.org/rtv/undefined/v0/amp-auto-lightbox-0.1.js |
|
| Details | Url | 1 | https://cdn.ampproject.org |
|
| Details | Url | 1 | https://pastebin.com/raw/0tn8z0rg# |
|
| Details | Url | 1 | https://cdn.ampproject.org/rtv |
|
| Details | Url | 1 | https://cdn.ampproject.org/v0.js |
|
| Details | Url | 1 | https://cdn.ampproject.org/v0 |