Ostorlab: Mobile App Security Testing for Android and iOS

Tag

xss

Automating Security Research: AI Engine Exploits Zulip Stored XSS (CVE-2025-52559)

This article presents a thorough, hands-on analysis and proof of concept for exploiting the stored XSS vulnerability CVE-2025-52559 in Zulip. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

Ostorlab Team


            Mon 28 July 2025

Security

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPre...

Nour Eddine Masdoufi


                  Thu 10 October 2024

Product

Advanced XSS Protection, CircleCI Enhancements, and UI Upgrades in Our Latest Release

Dive into our latest release featuring cutting-edge XSS detection, streamlined CircleCI workflows...

Ostorlab Team


                  Wed 31 July 2024

Engineering

Enhancing PostMessage XSS Detection with Proxy Object Instrumentation

The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerab...

Alaeddine Mesbahi


                  Thu 04 April 2024

Product

Addition of CSS Injection Detection, ARM64 support, and migration of Agent's Docker Images.

This update introduces fixes for the Attack Surface, migration of Agent's Docker Images to Docker Hub, enhanced detection capabilities for vulnerabilities, and support for ARM64 architecture in OSS.

Ostorlab Team


                  Mon 25 March 2024

Product

IAM, XSS and over 1000 new dynamic rules.

Recent updates have significantly enhanced dynamic analysis with new programming language support and vulnerable pattern detection, refined IAM management with new roles, improved granularity in attack surface access, advanced XSS detection, and vulnerable dependency identification, alongside crucial bug fixes across the system.

Ostorlab Team


                  Mon 12 February 2024

Latest posts

Product

August Fix-it!

During our recent Fix-It Week 🛠️😃, our dedicated team put in a tremendous effort to address and resolve over 107 issues affecting our systems.

Ostorlab Team


                    Tue 08 August 2023

Security

Finding superhuman XSS polyglot payloads with Genetic Algorithms

The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.

Alaeddine Mesbahi


                    Mon 01 March 2021

Security

DOM XSS Fuzzing strategies - Part 1

XSS are still by far the most common type of vulnerabilities, this article presents strategies to automate the search for XSSes.

ASM


                    Sat 22 December 2018

Changelog

View all changes

Advanced XSS Protection, CircleCI Enhancements, and UI Upgrades in Our Latest Release


                  Wed 31 July 2024

Addition of CSS Injection Detection, ARM64 support, and migration of Agent's Docker Images.


                  Mon 25 March 2024

IAM, XSS and over 1000 new dynamic rules.


                  Mon 12 February 2024

August Fix-it!


                  Tue 08 August 2023

xss

Automating Security Research: AI Engine Exploits Zulip Stored XSS (CVE-2025-52559)

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

Advanced XSS Protection, CircleCI Enhancements, and UI Upgrades in Our Latest Release

Enhancing PostMessage XSS Detection with Proxy Object Instrumentation

Addition of CSS Injection Detection, ARM64 support, and migration of Agent's Docker Images.

IAM, XSS and over 1000 new dynamic rules.

Latest posts

August Fix-it!

Finding superhuman XSS polyglot payloads with Genetic Algorithms

DOM XSS Fuzzing strategies - Part 1

Changelog

Advanced XSS Protection, CircleCI Enhancements, and UI Upgrades in Our Latest Release

Addition of CSS Injection Detection, ARM64 support, and migration of Agent's Docker Images.

IAM, XSS and over 1000 new dynamic rules.

August Fix-it!

Subscribe to the Ostorlab Newsletter